From 482e47479eca9afe5fb0390db8e0e8d7e02363c7 Mon Sep 17 00:00:00 2001
From: Zach Dworkin <zachary.dworkin@intel.com>
Date: Tue, 17 Dec 2024 15:48:30 -0800
Subject: [PATCH] contrib/intel/jenkins: Do not run pipeline for unauthorized
 users

Lookup a all teams and users in the ofiwg github team.
If the submitter is not in the list of users then deny them

Signed-off-by: Zach Dworkin <zachary.dworkin@intel.com>
---
 contrib/intel/jenkins/Jenkinsfile | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/contrib/intel/jenkins/Jenkinsfile b/contrib/intel/jenkins/Jenkinsfile
index 3e176da7d06..7c956d50a79 100644
--- a/contrib/intel/jenkins/Jenkinsfile
+++ b/contrib/intel/jenkins/Jenkinsfile
@@ -397,6 +397,23 @@ pipeline {
         }
       }
     }
+    stage ('bootstrap-ci') {
+      steps {
+        script {
+          bootstrap_ci()
+        }
+      }
+    }
+    stage('check-authorization') {
+      steps {
+        script {
+          sh """source ${CI_LOCATION}/${env.CI_MODULE}/venv/bin/activate;\
+                python ${CI_LOCATION}/authorize.py \
+                --author=${env.CHANGE_AUTHOR}
+          """
+        }
+      }
+    }
     stage ('opt-out') {
       steps {
         script {
@@ -433,13 +450,6 @@ pipeline {
         }
       }
     }
-    stage ('bootstrap-ci') {
-      steps {
-        script {
-          bootstrap_ci()
-        }
-      }
-    }
     stage ('build-libfabric') {
       when { equals expected: true, actual: DO_RUN }
       parallel {