package-distributions/.github/workflows/Security.yml at d5082b63229dbf7fba403dfec6eeac0df7f0a6cc · ordo-one/package-distributions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#  ❣❣❣  DO NOT EDIT  ❣  THIS FILE IS AUTOMATICALLY SYNCED  ❣  DO NOT EDIT  ❣❣❣

name: Security

on:
    push:
        branches: [ master ]
    pull_request:
        branches: [ master ]

jobs:
    emails:
        name: Check commit emails
        runs-on: ubuntu-latest
        steps:
            -   name: 🔐 Checkout repository 🔐
                uses: actions/checkout@v6
                with:
                    # fetch all history so the workflow can find previous commits
                    fetch-depth: 0

            -   name: 🔐 Check commits 🔐
                run: |
                    blacklisted_domains=(
                        "@gmail\.com"
                        "@yahoo\.com"
                        "@hotmail\.com"
                        "@outlook\.com"
                        "@aol\.com"
                        "@icloud\.com"
                        "@sasktel\.net"
                    )
                    blacklist_pattern=$(IFS="|"; echo "${blacklisted_domains[*]}")

                    insecure_emails=$(git log --format='%ae%n%ce' | sort -u | grep -E -i "$blacklist_pattern" || true)
                    if [ -n "$insecure_emails" ]; then
                        echo "❗ Found insecure email addresses in git history"
                        exit 1
                    fi

                    if [ -f .mailmap ]; then
                        insecure_emails_mailmap=$(grep -E -i "$blacklist_pattern" .mailmap | sort -u)
                        if [ -n "$insecure_emails_mailmap" ]; then
                            echo "❗ Found insecure email addresses in .mailmap"
                            exit 1
                        fi
                    fi