From bbde668c3d6110fe03fb4f182ec0acbfefde5924 Mon Sep 17 00:00:00 2001 From: "Agarwal, Udit" Date: Thu, 10 Jul 2025 21:10:36 +0200 Subject: [PATCH 1/7] Fix workflow Signed-off-by: Agarwal, Udit --- .github/workflows/email-check.yaml | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index 904ad718f97dd..9907f9d198470 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -4,6 +4,7 @@ on: pull_request: types: - opened + - reopened permissions: contents: read @@ -20,14 +21,33 @@ jobs: - name: Extract author email id: author + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - git log -1 - echo "EMAIL=$(git show -s --format='%ae' HEAD~0)" >> $GITHUB_OUTPUT + # Use Github GraphQL APIs to get the email associated with the PR author. + query=' + query($login: String!) { + user(login: $login) { + email + } + }' + + PR_AUTHOR=${{ github.event.pull_request.user.login }} + + email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GITHUB_TOKEN" --jq '.data.user.email') + echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT" + + # Print the email to the log for debugging purposes. + echo "GitHub user's email: $email" + # Create empty comment file echo "[]" > comments + # When EMAIL_AUTHOR_GH_UI is NULL, author's email is hidden in GitHub UI. + # In this case, we warn the user to turn off "Keep my email addresses private" + # setting in their account. - name: Validate author email - if: ${{ endsWith(steps.author.outputs.EMAIL, 'noreply.github.com') }} + if: ${{ steps.author.outputs.EMAIL_AUTHOR_GH_UI == '' }} env: COMMENT: >- ⚠️ We detected that you are using a GitHub private e-mail address to contribute to the repo.
From 65d0964f39eaedaa1530ea39b12609f4dc2bfed3 Mon Sep 17 00:00:00 2001 From: Udit Kumar Agarwal Date: Tue, 15 Jul 2025 10:38:56 -0700 Subject: [PATCH 2/7] Apply suggestions from code review --- .github/workflows/email-check.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index 9907f9d198470..b197f75cf2a12 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -24,7 +24,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - # Use Github GraphQL APIs to get the email associated with the PR author. + # Use Github GraphQL APIs to get the email associated with the PR author because this takes into account the GitHub settings for email privacy. query=' query($login: String!) { user(login: $login) { @@ -37,9 +37,6 @@ jobs: email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GITHUB_TOKEN" --jq '.data.user.email') echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT" - # Print the email to the log for debugging purposes. - echo "GitHub user's email: $email" - # Create empty comment file echo "[]" > comments From 1353f1bb1fe0b9d8f5c96511a3c6a87d5a0a04f2 Mon Sep 17 00:00:00 2001 From: Udit Kumar Agarwal Date: Tue, 15 Jul 2025 10:45:35 -0700 Subject: [PATCH 3/7] add print again to see if changing public email changes the email returned by GraphQL --- .github/workflows/email-check.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index b197f75cf2a12..4c85ed79a57a3 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -37,6 +37,9 @@ jobs: email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GITHUB_TOKEN" --jq '.data.user.email') echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT" + # Print the email to the log for debugging purposes. + echo "GitHub user's email: $email" + # Create empty comment file echo "[]" > comments From 539737a3348e69a55343d0995cf05b6b534fecb4 Mon Sep 17 00:00:00 2001 From: Udit Kumar Agarwal Date: Tue, 15 Jul 2025 10:55:06 -0700 Subject: [PATCH 4/7] Final cleanup --- .github/workflows/email-check.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index 4c85ed79a57a3..cae4614a088f9 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -4,7 +4,6 @@ on: pull_request: types: - opened - - reopened permissions: contents: read @@ -37,9 +36,6 @@ jobs: email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GITHUB_TOKEN" --jq '.data.user.email') echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT" - # Print the email to the log for debugging purposes. - echo "GitHub user's email: $email" - # Create empty comment file echo "[]" > comments From 8e60d618a62056ece0800cc6a86a84feefd2c7ff Mon Sep 17 00:00:00 2001 From: Udit Kumar Agarwal Date: Wed, 16 Jul 2025 09:17:28 -0700 Subject: [PATCH 5/7] Use `github.token` instead --- .github/workflows/email-check.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index cae4614a088f9..ef8c108f5c1c4 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -21,7 +21,7 @@ jobs: - name: Extract author email id: author env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} run: | # Use Github GraphQL APIs to get the email associated with the PR author because this takes into account the GitHub settings for email privacy. query=' From edbe55e982f23522f80ece53e75c6edf5b57e5c4 Mon Sep 17 00:00:00 2001 From: "Agarwal, Udit" Date: Wed, 16 Jul 2025 18:52:51 +0200 Subject: [PATCH 6/7] Test setting GH_TOKEN and remove authentication header --- .github/workflows/email-check.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index ef8c108f5c1c4..1da1a9cf18761 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -4,6 +4,7 @@ on: pull_request: types: - opened + - synchronize permissions: contents: read @@ -21,7 +22,7 @@ jobs: - name: Extract author email id: author env: - GITHUB_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ github.token }} run: | # Use Github GraphQL APIs to get the email associated with the PR author because this takes into account the GitHub settings for email privacy. query=' @@ -33,7 +34,7 @@ jobs: PR_AUTHOR=${{ github.event.pull_request.user.login }} - email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GITHUB_TOKEN" --jq '.data.user.email') + email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" --jq '.data.user.email') echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT" # Create empty comment file From 062dc31e880e05e10c3ee99fde99bb10192bd996 Mon Sep 17 00:00:00 2001 From: "Agarwal, Udit" Date: Wed, 16 Jul 2025 18:56:29 +0200 Subject: [PATCH 7/7] Rmeove syncrhonize trigger. It was added earlier for debug --- .github/workflows/email-check.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index 1da1a9cf18761..3339b1eed667b 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -4,7 +4,6 @@ on: pull_request: types: - opened - - synchronize permissions: contents: read