Skip to content

Add new workflow to block direct module reference changes #863

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Add new workflow to block direct module reference changes #863

Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
9b6a813
feat: Add new workflow to block direct module reference changes
lamATnginx Jul 21, 2025
73b299b
Add code to comment on PR + fail if changes detected
lamATnginx Jul 21, 2025
1011f43
Added exemption code
lamATnginx Jul 21, 2025
00a0b4c
Merge branch 'main' into blocking-action
ADubhlaoich Jul 22, 2025
0fdb9f4
Merge branch 'main' into blocking-action
ADubhlaoich Jul 22, 2025
744b4da
Corrected exit code
lamATnginx Jul 23, 2025
16051f3
Merge branch 'main' into blocking-action
ADubhlaoich Jul 24, 2025
b710ce5
Merge branch 'main' into blocking-action
ADubhlaoich Aug 11, 2025
98b4757
Merge branch 'main' into blocking-action
ADubhlaoich Sep 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 70 additions & 0 deletions .github/workflows/block-changes.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
name: Block specific changes

on:
pull_request:

jobs:
block-direct-markdown-module-changes:
name: Block modifying Markdown Module Reference files directly
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
with:
fetch-depth: 0
- name: Check for changes in /nginx/module_reference
id: check_module_changes
run: |
FOLDER_DIR="content/nginx/module_reference"
git diff origin/main -- $FOLDER_DIR > changes.txt

if [[ -s changes.txt ]]; then
echo "Changes detected for $FOLDER_DIR"
echo "CHANGES_DETECTED=true" >> $GITHUB_OUTPUT
else
echo "CHANGES_DETECTED=false" >> $GITHUB_OUTPUT
fi
- name: Check for exemption for PR created by dot-org-content workflow
id: check_exemption
run: |
LABELS=$(jq -r '.pull_request.labels[].name' "$GITHUB_EVENT_PATH" || echo "")
AUTHOR=$(jq -r '.pull_request.user.login' "$GITHUB_EVENT_PATH")
TITLE=$(jq -r '.pull_request.title' "$GITHUB_EVENT_PATH")
ACCEPTED_LABEL="module_reference"
ACCEPTED_AUTHOR="github-actions"
ACCEPTED_TITLE="NGINX Plus - Module Ref"

EXEMPTION=false

if echo "$LABELS" | grep -q "$ACCEPTED_LABEL"; then
echo "Label match..."
EXEMPTION=true
fi
if [[ "$AUTHOR" == "$ACCEPTED_AUTHOR" ]]; then
echo "Author match..."
EXEMPTION=true
fi
if [[ "$TITLE" == *"${ACCEPTED_TITLE}"* ]]; then
echo "Title match..."
EXEMPTION=true
fi

echo "EXEMPTION=$EXEMPTION" >> $GITHUB_OUTPUT
- name: Generate PR comment if changes detected
if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true' && steps.check_exemption.outputs.EXEMPTION == 'false'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
const body = `This PR is blocked from being reviewed. Please make direct changes to module_references from the upstream XML in https://github.com/nginx/nginx.org`;
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: body,
});
- name: Fail job if changes detected
if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true' && steps.check_exemption.outputs.EXEMPTION == 'false'
run: |
exit 1