feat(ui): Add tenant management #20561
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Tools: PR Labeler' | |
| on: | |
| # zizmor: ignore[dangerous-triggers] - intentional: needs write access to apply labels, no PR code checkout | |
| pull_request_target: | |
| branches: | |
| - 'master' | |
| - 'v5.*' | |
| types: | |
| - 'opened' | |
| - 'reopened' | |
| - 'synchronize' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| labeler: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - name: Apply labels to PR | |
| uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 | |
| with: | |
| sync-labels: true | |
| label-community: | |
| name: Add 'community' label if the PR is from a community contributor | |
| needs: labeler | |
| if: github.repository == 'prowler-cloud/prowler' && github.event.action == 'opened' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - name: Check if author is org member | |
| id: check_membership | |
| env: | |
| AUTHOR: ${{ github.event.pull_request.user.login }} | |
| run: | | |
| # Hardcoded list of prowler-cloud organization members | |
| # This list includes members who have set their organization membership as private | |
| ORG_MEMBERS=( | |
| "AdriiiPRodri" | |
| "Alan-TheGentleman" | |
| "alejandrobailo" | |
| "amitsharm" | |
| "andoniaf" | |
| "cesararroba" | |
| "danibarranqueroo" | |
| "HugoPBrito" | |
| "jfagoagas" | |
| "josema-xyz" | |
| "lydiavilchez" | |
| "mmuller88" | |
| # "MrCloudSec" | |
| "pedrooot" | |
| "prowler-bot" | |
| "puchy22" | |
| "RosaRivasProwler" | |
| "StylusFrost" | |
| "toniblyx" | |
| "davidm4r" | |
| ) | |
| echo "Checking if $AUTHOR is a member of prowler-cloud organization" | |
| # Check if author is in the org members list | |
| if printf '%s\n' "${ORG_MEMBERS[@]}" | grep -q "^${AUTHOR}$"; then | |
| echo "is_member=true" >> $GITHUB_OUTPUT | |
| echo "$AUTHOR is an organization member" | |
| else | |
| echo "is_member=false" >> $GITHUB_OUTPUT | |
| echo "$AUTHOR is not an organization member" | |
| fi | |
| - name: Add community label | |
| if: steps.check_membership.outputs.is_member == 'false' | |
| env: | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| echo "Adding 'community' label to PR #$PR_NUMBER" | |
| gh api /repos/${{ github.repository }}/issues/${{ github.event.number }}/labels \ | |
| -X POST \ | |
| -f labels[]='community' |