Restrict action to members of the org

dannykopping · dannykopping · commit d87fc2b55061 · 2024-05-30T09:05:23.000+02:00
Signed-off-by: Danny Kopping &lt;danny@coder.com&gt;
diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml
@@ -34,6 +34,17 @@ permissions:
   pull-requests: write # needed for commenting on PRs
 
 jobs:
+  check_membership:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if actor is a member
+        run: |
+          set -euo pipefail
+          response=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/orgs/coder/members/${{ github.actor }}")
+          if [[ "$response" == "404" ]]; then
+            echo "Error: Only members of the coder organization can trigger this workflow."
+            exit 1
+          fi
   check_pr:
     runs-on: ubuntu-latest
     outputs:
