commit b39f79e091c591d768df554acb14ae8268be1b86
parent d47a5157712c408dc3c1deea61ceabe6ac0b53e1
Author: Atila Butkovits <abutkovits@mozilla.com>
Date: Fri, 19 Dec 2025 06:51:35 +0200
Revert "Bug 2001552 - workflows: Use actions/create-github-app-token to get a GH_TOKEN with org access r=suhaib DOT_GITHUB_OVERRIDE DONTBUILD" for causing Lint failures.
This reverts commit e2f89177a368a81792e1016fa43dbd1e77eb4796.
Revert "Bug 2001552, Bug 1996664 - pr-handler: Add Lando link to allowed PRs r=zeid,suhaib DOT_GITHUB_OVERRIDE DONTBUILD"
This reverts commit 29a5f8b08ec425df20c3a3a9fd3e91214f78ca0f.
Revert "Bug 2001552 - close-pr: Allow specific teams to make PR for specific subdirectories r=zeid,suhaib DOT_GITHUB_OVERRIDE DONTBUILD"
This reverts commit ee4c05b0dae7003b5552472e5e59dfda7b1d1ddd.
Revert "Bug 2001552 - close-pr: don't use GitHub variables in run sections r=zeid,suhaib DOT_GITHUB_OVERRIDE DONTBUILD"
This reverts commit fa34468a20e6679ee8eabd30f30cad4aa7a4d013.
Revert "Bug 2001552 - CODEOWNERS: add android-reviewers for /mobile/ r=zeid,tcampbell DONTBUILD"
This reverts commit d30d0e02134d27f40307d6a57a475f6181e5c877.
Diffstat:
3 files changed, 17 insertions(+), 100 deletions(-)
diff --git a/.github/workflows/close-pr.yml b/.github/workflows/close-pr.yml
@@ -0,0 +1,17 @@
+name: Close Pull Request
+on:
+ pull_request_target:
+ types: [opened, reopened]
+
+jobs:
+ close-pr:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Close PR
+ env:
+ GH_TOKEN: ${{ github.token }}
+ GH_REPO: ${{ github.repository }}
+ PR: ${{ github.event.pull_request.number }}
+ run: |
+ gh pr close ${{ env.PR }} --comment "(Automated Close) Please do not file pull requests here, see https://firefox-source-docs.mozilla.org/contributing/how_to_submit_a_patch.html"
+ gh pr lock ${{ env.PR }}
diff --git a/.github/workflows/pr-handler.yml b/.github/workflows/pr-handler.yml
@@ -1,97 +0,0 @@
-name: Handle Pull Request
-on:
- # WARNING: pull_request_target MUST NOT be used if running code under control
- # of the source PR [0], as it could risk leaking the GH_TOKENs.
- #
- # In this case, we do it as the job needs to run within the context of the
- # target repo, so it can get a GH_TOKEN which it can use to comment on and
- # update the PR.
- #
- # Crucially, no external code is loaded or run as part of this workflow.
- #
- # [0] https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request_target:~:text=Warning-,Running,websitehttps://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request_target:~:text=Warning-,Running,website
- #
- pull_request_target:
- types: [opened, reopened]
-
-
-env:
- ALLOWED_TEAM: lando-github-pilot
- ALLOWED_PATHS: |
- mobile/android/android-components
- mobile/android/fenix
- mobile/android/focus-android
-
- GH_REPO: ${{ github.repository }}
- PR: ${{ github.event.pull_request.number }}
-
- GH_TOKEN: ${{ github.token }}
-
-jobs:
- handle-pr:
- runs-on: ubuntu-latest
- steps:
-
- # Workflows don't get access to organisation metadata via the GITHUB_TOKEN.
- # We use the Lando Web App to obtain a token with sufficient permissions.
- - name: Generate a Lando Web token
- id: generate-lando-web-token
- uses: actions/create-github-app-token@v2
- continue-on-error: true
- with:
- app-id: ${{ vars.LANDO_WEB_APP_ID }}
- private-key: ${{ secrets.LANDO_WEB_APP_PRIVATE_KEY }}
- permission-members: read
-
- - name: Check team membership
- id: team
- continue-on-error: true
- env:
- AUTHOR: ${{ github.actor }}
- GH_ORG: ${{ github.repository_owner }}
- GH_TOKEN: ${{ steps.generate-lando-web-token.outputs.token }}
- run: |
- if gh api "/orgs/${GH_ORG}/teams/${ALLOWED_TEAM}/memberships/${AUTHOR}" --silent 2>/dev/null; then
- echo "is_member=true" >> $GITHUB_OUTPUT
- else
- echo "is_member=false" >> $GITHUB_OUTPUT
- fi
-
- - name: Check allowed paths
- id: paths
- continue-on-error: true
- if: steps.team.outputs.is_member == 'true'
- run: |
- PATTERN=$(echo "${ALLOWED_PATHS}" | xargs | tr ' ' '|')
- if gh pr view "${PR}" --json files --jq '.files[].path' | grep -vE "^(${PATTERN})"; then
- echo "only_allowed=false" >> $GITHUB_OUTPUT
- else
- echo "only_allowed=true" >> $GITHUB_OUTPUT
- fi
-
- - name: Close PR
- if: steps.team.outputs.is_member != 'true' || steps.paths.outputs.only_allowed != 'true'
- run: |
- gh pr close "${PR}" --comment "(Automated Close) Please do not file pull requests here, see https://firefox-source-docs.mozilla.org/contributing/how_to_submit_a_patch.html"
- gh pr lock "${PR}"
-
- - name: Add Lando link
- if: (steps.team.outputs.is_member == 'true' && steps.paths.outputs.only_allowed == 'true') && github.event.action == 'opened'
- env:
- #
- # Set the following variables at the repository level [0].
- # [0] https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-variables#defining-configuration-variables-for-multiple-workflows
- #
- LANDO_BASE_URL: ${{ vars.LANDO_BASE_URL }}
- LANDO_REPO: ${{ vars.LANDO_REPO }}
- #
- # If they are empty, the following will be used to determine sane defaults.
- #
- DEFAULT_LANDO_BASE_URL: https://lando.moz.tools
- TARGET_BRANCH: ${{ github.base_ref }}
- run: |
- LANDO_BASE_URL="${LANDO_BASE_URL:-${DEFAULT_LANDO_BASE_URL}}"
- # We extract the GitHub repo name and target branch to use as
- # default LANDO_REPO if unspecified.
- LANDO_REPO="${LANDO_REPO:-${GH_REPO/*\//}-${TARGET_BRANCH}}"
- gh pr comment "${PR}" --body "[View this pull request in Lando](${LANDO_BASE_URL}/pulls/${LANDO_REPO}/${PR}) to land it once approved."
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1,3 +0,0 @@
-/mobile/android/android-components @mozilla-firefox/android-reviewers
-/mobile/android/fenix @mozilla-firefox/android-reviewers
-/mobile/android/focus-android @mozilla-firefox/android-reviewers
