File tree Expand file tree Collapse file tree 1 file changed +11
-0
lines changed Expand file tree Collapse file tree 1 file changed +11
-0
lines changed Original file line number Diff line number Diff line change @@ -52,13 +52,24 @@ jobs:
5252 - name : Check prod access
5353 if : ${{ inputs.deployment_env == 'prod' }}
5454 run : |
55+ if [ "$GITHUB_REF" != "refs/heads/main" ]; then
56+ echo "Error: Production deployments are only allowed from the main branch."
57+ exit 1
58+ fi
59+
60+ if [ "$GITHUB_REPOSITORY_OWNER" != "nginx" ] && [ "$GITHUB_REPOSITORY_OWNER" != "nginxinc" ]; then
61+ echo "Error: This workflow is only allowed in repositories owned by 'nginx' or 'nginxinc'."
62+ exit 1
63+ fi
64+
5565 ALLOWED="${{ secrets.ALLOWED_USERS }}"
5666 for user in $ALLOWED; do
5767 if [ "$GITHUB_ACTOR" == "$user" ]; then
5868 echo "User $GITHUB_ACTOR is allowed to deploy to prod"
5969 exit 0
6070 fi
6171 done
72+
6273 echo "User $GITHUB_ACTOR is NOT allowed to deploy to prod"
6374 exit 1
6475
You can’t perform that action at this time.
0 commit comments