In a GitHub Actions YAML file, how do I check to see if a user is part of a team in GitHub?
I know that the username can be got via ${{ github.actor }}.
Note: The requirement is to allow only specific authorized users to be able to run a job within a workflow. (Say we restrict a step to the DBA team members)
Note: I am aware of Environments and the "Require reviewer" option. But this does not quite fit into the requirement.
You can use the get-user-teams-membership action for that. A workflow would look something like this.
```yaml
name: Check user for team affiliation
on:
  pull_request:
    branches:
      - develop
jobs:
  check-user:
    name: Team affiliation
    runs-on: ubuntu-latest
    steps:
      - name: Check user for team affiliation
        uses: tspascoal/get-user-teams-membership@v2
        id: teamAffiliation
        with:
          GITHUB_TOKEN: ${{ secrets.TOKEN }}
          username: ${{ github.actor }}
          team: your-team-name
      - name: Stop workflow if user is no member
        # Action outputs are strings, so compare against the string 'false'
        if: ${{ steps.teamAffiliation.outputs.isTeamMember == 'false' }}
        run: |
          echo "You have no rights to trigger this job."
          exit 1
```
Note that action outputs are always strings, so a boolean check is not valid.
You can also try this with the github-script action. Could be a bit more difficult but also gives you more freedom.
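The github-script alternative mentioned in the answer above, as an added example that is not part of the original post: the membership check written as the JavaScript that would go in the `script:` input of `actions/github-script`. The names `isActiveTeamMember`, `fakeGithub` and `demo`, the org `example-org`, the team `dba` and the user names are hypothetical, and it assumes the token given to the step is allowed to read the organisation's team membership.

```javascript
// Added example. In a github-script step, `github` is an authenticated Octokit
// client and the call would be: if (!(await isActiveTeamMember(github,
//   context.repo.owner, 'your-team-name', context.actor))) core.setFailed('Not authorized');

// Returns true only for an *active* member of the team `teamSlug` in `org`.
async function isActiveTeamMember(github, org, teamSlug, username) {
  try {
    const { data } = await github.rest.teams.getMembershipForUserInOrg({
      org,
      team_slug: teamSlug,
      username,
    });
    // An invitation that has not been accepted is reported as "pending".
    return data.state === 'active';
  } catch (err) {
    // The API answers 404 when the user is not in the team.
    if (err.status === 404) return false;
    // Any other failure (e.g. a token that cannot read the org) is not an
    // answer about membership: rethrow so the step fails closed.
    throw err;
  }
}

// Constructed stand-in for the Octokit client so the example runs offline.
// `table` maps made-up user names to a membership state or an HTTP status.
function fakeGithub(table) {
  const getMembershipForUserInOrg = async ({ username }) => {
    const entry = table[username];
    if (typeof entry === 'string') return { data: { state: entry } };
    throw Object.assign(new Error('request failed'), { status: entry || 404 });
  };
  return { rest: { teams: { getMembershipForUserInOrg } } };
}

// Runs the check for each constructed user and reports the decision.
async function demo() {
  const github = fakeGithub({ alice: 'active', bob: 'pending', carol: 403 });
  const out = {};
  for (const user of ['alice', 'bob', 'mallory', 'carol']) {
    try {
      out[user] = await isActiveTeamMember(github, 'example-org', 'dba', user);
    } catch (err) {
      out[user] = `error ${err.status}`;
    }
  }
  return out;
}

demo().then((result) => console.log(result));
```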