Skip to content

[Key Vault] TypeSpec for Administration library #7376

[Key Vault] TypeSpec for Administration library

[Key Vault] TypeSpec for Administration library #7376

name: Protected Files
on: pull_request
env:
# Users allowed to edit protected files without failing check
user-allowed: ${{ github.event.pull_request.user.login == 'azure-sdk' }}
jobs:
protected-files:
name: Protected Files
runs-on: ubuntu-latest
steps:
# Since check is required, the job must pass instead of being skipped
- name: User allowed
if: ${{ env.user-allowed == 'true' }}
run: echo "Account '${{ github.event.pull_request.user.login }}' is allowed to update protected files"
- uses: actions/checkout@v4
if: ${{ env.user-allowed != 'true' }}
with:
# Required since "HEAD^" is passed to Get-ChangedFiles
fetch-depth: 2
- name: Detect changes to protected files
if: ${{ env.user-allowed != 'true' }}
run: |
. eng/scripts/ChangedFiles-Functions.ps1
$protectedFiles = @("package.json", "package-lock.json")
$changedFiles = @(Get-ChangedFiles -baseCommitish HEAD^ -targetCommitish HEAD -diffFilter "")
$matchedFiles = @($protectedFiles | Where-Object { $changedFiles -contains $_})
if ($matchedFiles.Count -gt 0) {
foreach ($file in $matchedFiles) {
Write-Output "::error file=$file::File '$file' should only be updated by the Azure SDK team. If intentional, the PR may be merged by the Azure SDK team via bypassing the branch protections."
}
exit 1
}
else {
Write-Output "No changes to protected files: [$($protectedFiles -join ', ')]"
}
shell: pwsh