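steps:
  # NOTE: We assume the `gh` CLI is present on the runner image:
  # https://github.com/actions/runner-images/blob/0f2310415608223eb4141ecdbd1101d307f26b06/images/linux/Ubuntu2204-Readme.md
  #
  # Authorization gate for manual runs: the job fails unless the dispatching
  # user is an active member of the allowed team. The `if:` restricts the check
  # to `workflow_dispatch`; runs started by any other event skip this step.
  - name: Validate workflow dispatch actor is allowed to run this workflow
    if: ${{ github.event_name == 'workflow_dispatch' }}
    env:
      # Used only for the membership lookup below; it should carry no more
      # than the permission needed to read org team membership.
      GH_TOKEN: ${{ secrets.TEAM_CHECK_GITHUB_TOKEN }}
      # Passed through the environment instead of being expanded inside the
      # script text, so the value is never parsed as shell source.
      # NOTE(review): on a re-run, `github.actor` can still name the user who
      # started the original run, while `github.triggering_actor` names the
      # user who initiated the re-run. Confirm which identity this gate
      # should be checking.
      ACTOR: ${{ github.actor }}
    run: |
      TEAM=veneer
      # Fails closed: if the API call errors (not a member, bad token, network
      # failure), stderr is discarded and MEMBERSHIP_STATE stays empty, which
      # is rejected below. Any state other than "active" is also rejected.
      MEMBERSHIP_STATE=$(gh api "orgs/acme-org/teams/${TEAM}/memberships/${ACTOR}" --template '{{ .state }}' 2> /dev/null || true)
      if [[ "${MEMBERSHIP_STATE}" != "active" ]]; then
        echo "::debug::MEMBERSHIP_STATE=${MEMBERSHIP_STATE}"
        echo "::error::This workflow cannot be run by @${ACTOR}"
        echo "::error::Only members of the @acme-org/${TEAM} team can run this workflow"
        exit 1
      fi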
# Reference: https://github.com/orgs/community/discussions/26622