Issue #3490462: Revoke "Join group" and "request group membership" from Authenticated (outsider) group role #4085
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file contains custom lints that are not common to PHP/Drupal projects but | |
# are specific to how we want to build products at Open Social. These only run | |
# on pull requests since they are input for reviewer conversations and not hard | |
# rules such as our quality checks. | |
name: Best practices | |
# Contrary to the other jobs we only perform these checks on pull requests and accept that if a PR is merged despite | |
# checks failing we can ignore the addition on the main branch. There might be good reasons for developers to deviate | |
# from best practices (but if you're reading this, we do expect a good motivation written in the PR). | |
on: | |
pull_request: { } | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
config_overrides: | |
name: No config overrides added | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
outputs: | |
outcome: ${{ steps.test.outcome }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# We're only interested in config overrides being added. | |
# grep exits with 0 if it has matches, which we consider to be a fail | |
# so we invert. | |
- id: test | |
run: "! git diff ${{ github.event.pull_request.base.sha }} ${{ github.sha }} -- '**/*.services.yml' | grep -e '^+' | grep config.factory.override" | |
helper_classes: | |
name: No helper objects introduced | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
outputs: | |
outcome: ${{ steps.test.outcome }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# We're only interested in Helper classes being added. | |
# grep exits with 0 if it has matches, which we consider to be a fail, so we invert. | |
- id: test | |
run: "! git diff ${{ github.event.pull_request.base.sha }} ${{ github.sha }} --name-only --diff-filter=A | grep Helper" | |
post_helper_message: | |
if: always() | |
needs: [config_overrides, helper_classes] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/github-script@v7 | |
env: | |
CONFIG_OVERRIDES_RESULT: ${{ needs.config_overrides.outputs.outcome }} | |
HELPERS_ADDED_RESULT: ${{ needs.helper_classes.outputs.outcome }} | |
with: | |
script: | | |
const errors = { | |
hasConfigOverrides: process.env.CONFIG_OVERRIDES_RESULT === "failure", | |
hasHelpersAdded: process.env.HELPERS_ADDED_RESULT === "failure", | |
}; | |
const script = require('./.github/workflows/bestPracticesFeedback.js') | |
await script({github, context}, errors); |