protectAuditorsGroup.yml
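# Separation-of-duties check: fails the run when a GitHub user is a member of
# both the smart-contract-admins team and the auditors team.
name: Protect Auditors Group

# NOTE(review): team membership can change without any push, so a push-only
# trigger re-checks membership only when someone pushes. Confirm whether a
# scheduled or manual run is also wanted.
on:
  push:

# The job authenticates with the PAT only, so the automatic GITHUB_TOKEN is
# given no scopes.
permissions: {}

jobs:
  protect-auditors-group:
    runs-on: ubuntu-latest
    steps:
      - name: Compare Group Members
        env:
          GH_PAT: ${{ secrets.GIT_ACTIONS_BOT_PAT_CLASSIC }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Fail a pipeline when any stage fails, so a failed `gh api` call is
          # not hidden by the exit status of jq.
          set -o pipefail

          ##### unset the default git token (does not have sufficient rights to get team members)
          unset GITHUB_TOKEN

          ##### use the Personal Access Token to log into git CLI
          # Quoted so the token is passed through unchanged (no word splitting or globbing).
          echo "$GH_PAT" | gh auth login --with-token || { echo "GitHub authentication failed"; exit 1; }

          # Function to get team members.
          # $1 = organisation, $2 = team slug; prints one login per line.
          # --paginate follows every result page; without it only the first
          # page of members is compared and an overlap on a later page is missed.
          getTeamMembers() {
            local org=$1
            local team=$2
            gh api --paginate \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "/orgs/$org/teams/$team/members" | jq -r '.[].login'
          }

          ORG_NAME="lifinance"
          SC_ADMINS="smart-contract-admins"
          SC_CORE="smart-contract-core"
          AUDITORS="auditors"

          ##### Get members of each group
          # NOTE(review): the member logins are written to the job log; confirm
          # that this is acceptable for the log visibility of this repository.
          echo "Fetching members of $SC_ADMINS..."
          SC_ADMINS_MEMBERS=$(getTeamMembers "$ORG_NAME" "$SC_ADMINS") || { echo "Failed to fetch members of $SC_ADMINS"; exit 1; }
          echo "SC_ADMINS: $SC_ADMINS_MEMBERS"

          echo "Fetching members of $SC_CORE..."
          SC_CORE_MEMBERS=$(getTeamMembers "$ORG_NAME" "$SC_CORE") || { echo "Failed to fetch members of $SC_CORE"; exit 1; }
          echo "SC_CORE: $SC_CORE_MEMBERS"

          echo "Fetching members of $AUDITORS..."
          AUDITORS_MEMBERS=$(getTeamMembers "$ORG_NAME" "$AUDITORS") || { echo "Failed to fetch members of $AUDITORS"; exit 1; }
          echo "AUDITORS: $AUDITORS_MEMBERS"

          echo "Checking overlap between SC_ADMINS and AUDITORS..."
          # grep exits 1 when no line matches, which is the expected "no overlap"
          # result, and exits with a status above 1 on a real error. Only the
          # latter is treated as a failed check; treating status 1 as a failure
          # would fail the run whenever the teams are correctly disjoint.
          GREP_STATUS=0
          OVERLAP=$(echo "$SC_ADMINS_MEMBERS" | grep -Fxf - <(echo "$AUDITORS_MEMBERS")) || GREP_STATUS=$?
          if [ "$GREP_STATUS" -gt 1 ]; then
            echo "Overlap check failed"
            exit 1
          fi

          if [ -n "$OVERLAP" ]; then
            # Print the same variable that was tested above, so the offending logins are shown.
            echo -e "\033[31mERROR: The following git users are members of both $SC_ADMINS and $AUDITORS groups: $OVERLAP\033[0m"
            echo -e "\033[31mAuditors must be external personnel and cannot be team members or admins\033[0m"
            exit 1
          else
            echo -e "\033[32mNo overlap found between $SC_ADMINS and $AUDITORS.\033[0m"
          fi

          # NOTE(review): SC_CORE_MEMBERS is fetched above but never compared,
          # because the check below is disabled. A smart-contract-core member
          # who is also in the auditors team is therefore not detected.
          # If a block below is re-enabled, it needs the same exit-status
          # handling as the active check: under the runner's `bash -e` a bare
          # `var=$(... | grep ...)` aborts the step when grep finds no match.

          # ##### Check overlap between smart-contract-admins and auditors
          # overlap=$(echo "$SC_ADMINS_MEMBERS" | grep -Fxf - <(echo "$AUDITORS_MEMBERS"))
          # if [ -n "$overlap" ]; then
          #   echo -e "\033[31mERROR: The following members are in both $SC_ADMINS and $AUDITORS: $overlap\033[0m"
          #   echo -e "\033[31mAuditors must be external personnel and cannot be team members or admins\033[0m"
          #   exit 1
          # else
          #   echo -e "\033[32mNo overlap found between $SC_ADMINS and $AUDITORS.\033[0m"
          # fi

          # ##### Check overlap between smart-contract-core and auditors
          # overlap2=$(echo "$SC_CORE_MEMBERS" | grep -Fxf - <(echo "$AUDITORS_MEMBERS"))
          # if [ -n "$overlap2" ]; then
          #   echo -e "\033[31mERROR: The following members are in both $SC_CORE and $AUDITORS: $overlap2\033[0m"
          #   echo -e "\033[31mAuditors must be external personnel and cannot be team members or admins\033[0m"
          #   exit 1
          # else
          #   echo -e "\033[32mNo overlap found between $SC_CORE and $AUDITORS.\033[0m"
          # fi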