diff --git a/.github/workflows/codeflash-optimize.yaml b/.github/workflows/codeflash-optimize.yaml
index 2e619dd4d..bdfab8c25 100644
--- a/.github/workflows/codeflash-optimize.yaml
+++ b/.github/workflows/codeflash-optimize.yaml
@@ -29,18 +29,25 @@ jobs:
 fetch-depth: 0
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: 🐍 Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml b/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml
index e8fb9947e..ef0dc5149 100644
--- a/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml
+++ b/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml
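Review bot: The new `elif` branch in the Validate PR step defeats the allowlist: on a `pull_request_target` run whose PR is open — the normal state of any PR being validated — a non-allowlisted author who modified `.github/workflows/` now reaches "Proceeding" instead of `exit 1`, so the author check can only fail for closed PRs or other event types. The old code failed closed for every non-allowlisted author; if that was too strict, a narrower condition is a same-repository head, e.g. `elif [[ "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then`, and the "Assuming protection rules are in place" message should go, since nothing in the step verifies that. Separately, on `pull_request_target` `github.sha` is the base-branch head, so `git diff base.sha github.sha` may not cover the PR's commits at all; comparing against `"${{ github.event.pull_request.head.sha }}"` instead would make the path check cover the PR, provided the checkout step (its `ref:` is outside the hunk) fetches that commit. The same change appears in the seven other workflow hunks in this diff, and the same fix applies to each.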
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-bubblesort-unittest.yaml b/.github/workflows/end-to-end-test-bubblesort-unittest.yaml
index d0fd8a8e6..e8c367ee2 100644
--- a/.github/workflows/end-to-end-test-bubblesort-unittest.yaml
+++ b/.github/workflows/end-to-end-test-bubblesort-unittest.yaml
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-coverage.yaml b/.github/workflows/end-to-end-test-coverage.yaml
index aeb62787b..5bdbde9e6 100644
--- a/.github/workflows/end-to-end-test-coverage.yaml
+++ b/.github/workflows/end-to-end-test-coverage.yaml
@@ -22,18 +22,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-futurehouse.yaml b/.github/workflows/end-to-end-test-futurehouse.yaml
index 7fb7ea2bc..86b654152 100644
--- a/.github/workflows/end-to-end-test-futurehouse.yaml
+++ b/.github/workflows/end-to-end-test-futurehouse.yaml
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-init-optim.yaml b/.github/workflows/end-to-end-test-init-optim.yaml
index 24f563840..9e35d171f 100644
--- a/.github/workflows/end-to-end-test-init-optim.yaml
+++ b/.github/workflows/end-to-end-test-init-optim.yaml
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-tracer-replay.yaml b/.github/workflows/end-to-end-test-tracer-replay.yaml
index 853e73341..e999b8f32 100644
--- a/.github/workflows/end-to-end-test-tracer-replay.yaml
+++ b/.github/workflows/end-to-end-test-tracer-replay.yaml
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
diff --git a/.github/workflows/end-to-end-topological-sort-test.yaml b/.github/workflows/end-to-end-topological-sort-test.yaml
index 6ead46031..e8a1ac519 100644
--- a/.github/workflows/end-to-end-topological-sort-test.yaml
+++ b/.github/workflows/end-to-end-topological-sort-test.yaml
@@ -22,23 +22,26 @@ jobs:
 with:
 fetch-depth: 0
 token: ${{ secrets.GITHUB_TOKEN }}
+
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
-
- # Check if the PR author is allowed
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
- fiif git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "end-to-end-topological-sort-test.yaml"; then
- echo "This workflow file has been modified. Exiting for security."
- exit 1
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI