feat: add option to set custom list of users that can send pull requests

ahmadnassri · Feb 22, 2023 · 344e2aa · 344e2aa
1 parent 4b9c6f0
commit 344e2aa
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -81,14 +81,15 @@ steps:
 
 ### Inputs
 
-| input          | required | default                  | description                                         |
-|----------------|----------|--------------------------|-----------------------------------------------------|
-| `github-token` | ✔        | `github.token`           | The GitHub token used to merge the pull-request     |
-| `config`       | ✔        | `.github/auto-merge.yml` | Path to configuration file *(relative to root)*     |
-| `target`       | ❌       | `patch`                  | The version comparison target (major, minor, patch) |
-| `command`      | ❌       | `merge`                  | The command to pass to Dependabot                   |
-| `botName`      | ❌       | `dependabot`             | The bot to tag in approve/comment message.          |
-| `approve`      | ❌       | `true`                   | Auto-approve pull-requests                          |
+| input           | required | default                                       | description                                          |
+|-----------------|----------|-----------------------------------------------|------------------------------------------------------|
+| `github-token`  | ✔        | `github.token`                                | The GitHub token used to merge the pull-request      |
+| `config`        | ✔        | `.github/auto-merge.yml`                      | Path to configuration file *(relative to root)*      |
+| `target`        | ❌        | `patch`                                       | The version comparison target (major, minor, patch)  |
+| `command`       | ❌        | `merge`                                       | The command to pass to Dependabot                    |
+| `botName`       | ❌        | `dependabot`                                  | The bot to tag in approve/comment message.           |
+| `approve`       | ❌        | `true`                                        | Auto-approve pull-requests                           |
+| `allowed_users` | ❌        | `"dependabot[bot]","dependabot-preview[bot]"` | List of users that are allowed to send pull requests |
 
 ### Token Scope
 

diff --git a/action.yml b/action.yml
@@ -35,6 +35,11 @@ inputs:
     default: patch
     required: false
 
+  allowed_users:
+    description: List of users that are allowed to send pull requests
+    default: ["dependabot[bot]","dependabot-preview[bot]"]
+    required: false
+
 runs:
   using: docker
   image: docker://ghcr.io/ahmadnassri/action-dependabot-auto-merge:2.6.6
diff --git a/action/index.js b/action/index.js
@@ -17,9 +17,11 @@ if (!['pull_request_target', 'pull_request'].includes(github.context.eventName))
 // extract the title
 const { payload: { sender } } = github.context // eslint-disable-line camelcase
 
+const allowedUsers = core.getInput('allowed_users', { required: true });
+
 // exit early if PR is not by dependabot
-if (!sender || !['dependabot[bot]', 'dependabot-preview[bot]'].includes(sender.login)) {
-  core.warning(`exiting early - expected PR by "dependabot[bot]", found "${sender ? sender.login : 'no-sender'}" instead`)
+if (!sender || !allowedUsers.includes(sender.login)) {
+  core.warning(`exiting early - expected PR by "${allowedUsers}", found "${sender ? sender.login : 'no-sender'}" instead`)
   process.exit(0)
 }
 

diff --git a/action/test/cli/early-exit.js b/action/test/cli/early-exit.js
@@ -3,9 +3,11 @@ import tap from 'tap'
 import path from 'path'
 import { promisify } from 'util'
 import { exec } from 'child_process'
+import config from "../../lib/config.js";
 
 const pexec = promisify(exec)
 
+
 tap.test('main -> wrong event', assert => {
   assert.plan(2)
 
@@ -18,14 +20,33 @@ tap.test('main -> wrong event', assert => {
     })
 })
 
-tap.test('main -> not dependabot', assert => {
+tap.test('main -> not part of the allowed_users', assert => {
   assert.plan(1)
 
   process.env.GITHUB_EVENT_NAME = 'pull_request'
   process.env.GITHUB_EVENT_PATH = path.join(path.resolve(), 'test', 'cli', 'event.json')
+  process.env.GITHUB_ACTOR  = 'other'
+
+  process.env[`INPUT_allowed_users`] = ["test","somebody"]
 
   pexec('node index.js')
     .then(({ code, stdout }) => {
-      assert.equal(stdout.trim(), '::warning::exiting early - expected PR by "dependabot[bot]", found "foo" instead')
+      assert.equal(stdout.trim(), '::warning::exiting early - expected PR by "test,somebody", found "foo" instead')
+    })
+})
+
+tap.test('main -> user is part of the allowed_users', assert => {
+  assert.plan(1)
+
+  process.env.GITHUB_EVENT_NAME = 'pull_request'
+  process.env.GITHUB_EVENT_PATH = path.join(path.resolve(), 'test', 'cli', 'event.json')
+  process.env.GITHUB_ACTOR  = 'other'
+
+  process.env[`INPUT_allowed_users`] = ["foo","somebody"]
+
+  pexec('node index.js')
+    .catch(({ code, stdout }) => {
+      // If it reaches the other validation errors then it is a valid user
+      assert.equal(code, 1)
     })
 })