Add github workflow that checks if a private email address was used to contribute to the repo and warn in this case #80514
Conversation
to contribute to the repo and warn in this case.
|
@llvm/pr-subscribers-github-workflow Author: Anton Korobeynikov (asl) ChangesFollowing the Discourse discussion, warn in case of a private email address was used in a PR. Full diff: https://github.com/llvm/llvm-project/pull/80514.diff 1 Files Affected:
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
new file mode 100644
index 0000000000000..4b729ddfa42d5
--- /dev/null
+++ b/.github/workflows/email-check.yaml
@@ -0,0 +1,36 @@
+name: "Check for private emails used in PRs"
+on: pull_request_target
+permissions:
+ pull-requests: write
+
+jobs:
+ validate_email:
+ runs-on: ubuntu-latest
+ if: github.repository == 'llvm/llvm-project'
+ steps:
+ - name: Fetch LLVM sources
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Extract author email
+ id: author
+ run: |
+ git log -1
+ echo "EMAIL=$(git show -s --format='%ae' HEAD~0)" >> $GITHUB_OUTPUT
+
+ - name: Validate author email
+ if: ${{ endsWith(steps.author.outputs.EMAIL, 'noreply.github.com') }}
+ uses: actions/github-script@v6
+ env:
+ EMAIL: ${{ steps.author.outputs.EMAIL }}
+ with:
+ script: |
+ const { EMAIL } = process.env
+ await github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: `⚠️ We detected that you are using a GitHub private e-mail address to contribute to the repo.
+ Please turn off [Keep my email addresses private](https://github.com/settings/emails) setting in your account.
+ `})
|
There was a problem hiding this comment.
LGTM. Logic looks good, but not exactly sure of all the details on how Github hides emails. Post-commit analysis of the emails in the commit log to make sure this has the intended effect would definitely be good, but was probably planned anyways.
Thanks for working on this issue!
|
I already checked this in our temp-issue-tester repo and it seems to be working. We might miss some cases, but we can examine the things afterwards to see what they are. |
|
@boomanaiden154 Confirmed works on LLVM repo as well: #80627 (comment) |
|
Awesome! Hoping there aren't any edge cases that we run into. |
|
I think we should tweak this action a bit. It probably shouldn't spam a comment on every change. We can just update or keep one comment at the time. Also I wonder if we should link or include some expanded info why we request people to change this setting and what it does for us. It's not clear for anyone who haven't been part of the conversations why we want it to be public. |
|
Yep. The only issue with that is that the comment might get buried (as I've seen happen with the code formatting action), but the job should also fail (which would need another patch) when it writes a comment to make that visible. I've put it on my backlog to get those two things done, but if someone else gets to it first, that would be good too. |
|
#80648 is a temporary fix if that helps. |
Definitely. If I'm a drive by contributor, I would be more likely to expose my email address if I see there's legitimate reason to do so. If I had other reasons to remain anonymous, I may choose to abandon the PR, but at least I had all the information I need to make that decision (and hopefully not be resentful to llvm as a result). |
| - name: Fetch LLVM sources | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} |
There was a problem hiding this comment.
Is this getting the whole repo each time? I wonder if there are some "shallow checkout" options that would apply here.
Or we could get it from the PR event, maybe, but I guess you already looked for that and I don't want to derail the chosen solution.
There was a problem hiding this comment.
There is user.email in https://docs.github.com/en/webhooks/webhook-events-and-payloads#pull_request. Would need testing to confirm, but I'd guess that checking for null or noreply@github... in the string would work.
And possibly this could all be done in the YAML. Which is not necessarily a good thing so you don't have to change what you've got.
Just know that this is (allegedly) an option.
There was a problem hiding this comment.
Emails could come from different places, but we mostly bother about email of author in the commit (which has to set up manually from via git config if one uses git CLI and private email address, so must be done explicitly) and I thought this is the most bullet-proof way to do this.
|
I've added link to Discourse in ee06678 |
…o contribute to the repo and warn in this case (llvm#80514) Following the Discourse discussion, warn in case of a private email address was used in a PR.
Following the Discourse discussion, warn in case of a private email address was used in a PR.