Skip to content

Able to delete the dashboard with write permission even though I am not an admin or owner #4378

Able to delete the dashboard with write permission even though I am not an admin or owner

Able to delete the dashboard with write permission even though I am not an admin or owner #4378

name: Update Lockfiles for Dependabot Monorepo PRs
on:
pull_request:
paths:
- 'superset-frontend/packages/**/package.json'
- 'superset-frontend/plugins/**/package.json'
types: [opened, synchronize, reopened]
issue_comment:
types: [created]
# cancel previous workflow jobs for PRs
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number || github.run_id }}
cancel-in-progress: true
jobs:
update-lock-file:
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
if: >
(github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot[bot]') ||
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot trigger-dependabot-lockfile') && github.event.issue.pull_request)
defaults:
run:
working-directory: superset-frontend
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref || github.head_ref }} # Checkout the branch that made the PR or the comment's PR branch
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
- name: Install Dependencies and Update Lock File
run: |
npm install
- name: Commit and Push Changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git config user.name "GitHub-Actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add package-lock.json
# Push the changes back to the branch if they exist, and pass if there are no changes
git diff --staged --quiet || (git commit -m "Update lock file for Dependabot PR" -a && git push https://${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} ${{ github.event.pull_request.head.ref || github.head_ref }})