chore(deps): bump actions/checkout from 4 to 6 #207
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Guard | |
| on: | |
| pull_request: | |
| branches: [ main, master ] # add dev if you want | |
| types: [opened, synchronize, reopened, edited, labeled, unlabeled] | |
| jobs: | |
| block-backend-ci-edits: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 # full history so diff-by-sha always works | |
| - name: Detect change to backend-ci.yml | |
| id: detect | |
| run: | | |
| BASE_SHA="${{ github.event.pull_request.base.sha }}" | |
| HEAD_SHA="${{ github.event.pull_request.head.sha }}" | |
| if git diff --name-only "$BASE_SHA" "$HEAD_SHA" | grep -q '^\.github/workflows/backend-ci\.yml$'; then | |
| echo "changed=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "changed=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Fail if backend-ci.yml changed without label | |
| if: steps.detect.outputs.changed == 'true' && !contains(join(fromJSON(toJSON(github.event.pull_request.labels)).*.name, ','), 'ci-change-ok') | |
| run: | | |
| echo "❌ Changes to .github/workflows/backend-ci.yml require label 'ci-change-ok'." | |
| exit 1 | |
| - name: Ensure backend-ci.yml exists | |
| # This step runs regardless, helpful to catch accidental deletions | |
| run: test -f .github/workflows/backend-ci.yml || (echo "❌ Missing backend-ci.yml" && exit 1) | |
| - name: Success message | |
| if: steps.detect.outputs.changed == 'false' || contains(join(fromJSON(toJSON(github.event.pull_request.labels)).*.name, ','), 'ci-change-ok') | |
| run: echo "✅ backend-ci.yml is unchanged or change is approved." |