.github: do a functional check for az login #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: ARO HCP Continuous Deployment | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - '.github/workflows/aro-hcp-cd.yml' | |
| - '.github/workflows/environment-infra-cd.yml' | |
| - '.github/workflows/services-cd.yml' | |
| - '.github/workflows/services-ci.yml' | |
| - 'config/config.yaml' | |
| - 'dev-infrastructure/**/*.bicep' | |
| - 'dev-infrastructure/**/*.bicepparam' | |
| - 'dev-infrastructure/configurations/*' | |
| - 'frontend/**' | |
| - 'backend/**' | |
| - 'cluster-service/**' | |
| - 'internal/**' | |
| - 'maestro/**' | |
| - 'pko/**' | |
| - 'acm/**' | |
| - 'hypershiftoperator/**' | |
| - 'image-sync/**/' | |
| - 'tooling/image-sync/**' | |
| - 'tooling/templatize/**' | |
| - 'config/*' | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - closed | |
| jobs: | |
| is_running_on_fork: | |
| name: 'Ensure PR is submitted from Azure/ARO-HCP' | |
| if: github.event_name != 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: 'write' | |
| contents: 'read' | |
| steps: | |
| - name: 'Az CLI login - will fail if PR is submitted from a fork of the repo' | |
| uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Fail if PR submitted from fork | |
| if: failure() | |
| run: core.setFailed('Expected source repository to be Azure/ARO-HCP, not ${{ github.event.pull_request.head.repo.full_name }}, re-create PR as a branch of Azure/ARO-HCP') |