Skip to content

Issue #3490462: Revoke "Join group" and "request group membership" from Authenticated (outsider) group role #4085

Issue #3490462: Revoke "Join group" and "request group membership" from Authenticated (outsider) group role

Issue #3490462: Revoke "Join group" and "request group membership" from Authenticated (outsider) group role #4085

Workflow file for this run

# This file contains custom lints that are not common to PHP/Drupal projects but
# are specific to how we want to build products at Open Social. These only run
# on pull requests since they are input for reviewer conversations and not hard
# rules such as our quality checks.
name: Best practices
# Contrary to the other jobs we only perform these checks on pull requests and accept that if a PR is merged despite
# checks failing we can ignore the addition on the main branch. There might be good reasons for developers to deviate
# from best practices (but if you're reading this, we do expect a good motivation written in the PR).
on:
pull_request: { }
defaults:
run:
shell: bash
jobs:
config_overrides:
name: No config overrides added
runs-on: ubuntu-latest
continue-on-error: true
outputs:
outcome: ${{ steps.test.outcome }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# We're only interested in config overrides being added.
# grep exits with 0 if it has matches, which we consider to be a fail
# so we invert.
- id: test
run: "! git diff ${{ github.event.pull_request.base.sha }} ${{ github.sha }} -- '**/*.services.yml' | grep -e '^+' | grep config.factory.override"
helper_classes:
name: No helper objects introduced
runs-on: ubuntu-latest
continue-on-error: true
outputs:
outcome: ${{ steps.test.outcome }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# We're only interested in Helper classes being added.
# grep exits with 0 if it has matches, which we consider to be a fail, so we invert.
- id: test
run: "! git diff ${{ github.event.pull_request.base.sha }} ${{ github.sha }} --name-only --diff-filter=A | grep Helper"
post_helper_message:
if: always()
needs: [config_overrides, helper_classes]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/github-script@v7
env:
CONFIG_OVERRIDES_RESULT: ${{ needs.config_overrides.outputs.outcome }}
HELPERS_ADDED_RESULT: ${{ needs.helper_classes.outputs.outcome }}
with:
script: |
const errors = {
hasConfigOverrides: process.env.CONFIG_OVERRIDES_RESULT === "failure",
hasHelpersAdded: process.env.HELPERS_ADDED_RESULT === "failure",
};
const script = require('./.github/workflows/bestPracticesFeedback.js')
await script({github, context}, errors);