1

In a GitHub Actions YAML file how do I check to see if a User is part of a Team in GitHub?

I know that the username can be got via `${{ github.actor }}`.

Note: The requirement is to allow only specific authorized users to be able to run a job within a workflow. (Say we restrict a step to the DBA team members)

Note: I am aware of Environments and the "Require reviewer" option. But this does not quite fit into the requirement.

ChzDz

1 Answer

2

You can use the get-user-teams-membership action for that. A workflow would look something like this.

```yaml
name: Check user for team affiliation
on:
  pull_request:
    branches:
      - develop
jobs:
  check-user:
    name: Team affiliation
    runs-on: ubuntu-latest
    steps:
      - name: Check user for team affiliation
        uses: tspascoal/get-user-teams-membership@v2
        id: teamAffiliation
        with:
          # Secret holding a token that is allowed to read the organization's team membership
          GITHUB_TOKEN: ${{ secrets.TOKEN }}
          username: ${{ github.actor }}
          team: your-team-name
      - name: Stop workflow if user is no member
        # Step outputs are strings, so compare against the string 'true'.
        # `== false` never matches the string 'false', so the gate would never fire.
        if: ${{ steps.teamAffiliation.outputs.isTeamMember != 'true' }}
        run: |
          echo "You have no rights to trigger this job."
          exit 1
```

You can also try this with the github-script action. Could be a bit more difficult but also gives you more freedom.

Sascha
By adding an output to the job you could use the `if` on the job level of a future job as well. See: https://stackoverflow.com/questions/75612801/my-github-env-changed-but-i-want-it-stable/75613524#75613524 – jessehouwing Mar 08 '23 at 20:00
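
The github-script route mentioned in the answer, written out as an added example (not part of the original answer and not the code of any action named on this page). The function name `isActiveTeamMember`, the `fakeGithub` stub, the organization `example-org`, the team slug `dba` and the user names are assumptions made for illustration; the check denies on a pending invitation and fails the step on any API error other than 404.

```javascript
// Added example: team-membership check for an actions/github-script step.
// `github` is the Octokit client that github-script hands to the script.
async function isActiveTeamMember(github, org, teamSlug, username) {
  try {
    const { data } = await github.rest.teams.getMembershipForUserInOrg({
      org,
      team_slug: teamSlug,
      username,
    });
    // "pending" = invited but not yet accepted, so not a member yet.
    return data.state === 'active';
  } catch (err) {
    // The API answers 404 when the user is not on the team.
    if (err.status === 404) return false;
    // Bad token, rate limit, outage: no answer, so rethrow and let the
    // step fail instead of treating the error as "allowed".
    throw err;
  }
}

// Constructed stand-in for the client so this file runs offline.
// Hypothetical helper; the user names and states are sample data.
function fakeGithub(members) {
  const getMembershipForUserInOrg = async ({ username }) => {
    if (members[username] === undefined) {
      throw Object.assign(new Error('Not Found'), { status: 404 });
    }
    return { data: { role: 'member', state: members[username] } };
  };
  return { rest: { teams: { getMembershipForUserInOrg } } };
}

// In a github-script step the gate would read (team slug `dba` assumed):
//   const ok = await isActiveTeamMember(github, context.repo.owner, 'dba', context.actor);
//   if (!ok) core.setFailed(`${context.actor} may not run this job`);

const demo = fakeGithub({ alice: 'active', bob: 'pending' });
for (const user of ['alice', 'bob', 'carol']) {
  isActiveTeamMember(demo, 'example-org', 'dba', user)
    .then((ok) => console.log(user, ok ? 'allowed' : 'denied'));
}
```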