chore(repo): check valid release authors for latest (#22127)

nrwl · Mar 4, 2024 · 80ae397 · 80ae397
1 parent 7c998db
commit 80ae397
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/scripts/nx-release.ts b/scripts/nx-release.ts
@@ -11,6 +11,14 @@ import * as yargs from 'yargs';
 
 const LARGE_BUFFER = 1024 * 1000000;
 
+// DO NOT MODIFY, even for testing. This only gates releases to latest.
+const VALID_AUTHORS_FOR_LATEST = [
+ 'jaysoo',
+ 'JamesHenry',
+ 'FrozenPandaz',
+ 'vsavkin',
+];
+
 (async () => {
  const options = parseArgs();
  // Perform minimal logging by default
@@ -121,6 +129,17 @@ const LARGE_BUFFER = 1024 * 1000000;
  });
 
  const distTag = determineDistTag(options.version);
+ if (!distTag || distTag === 'latest') {
+ // We are only expecting latest releases to be performed within publish.yml on GitHub
+ const author = process.env.GITHUB_ACTOR ?? '';
+ if (!VALID_AUTHORS_FOR_LATEST.includes(author)) {
+ throw new Error(
+ `The GitHub user "${author}" is not allowed to publish to "latest". Please request one of the following users to carry out the release: ${VALID_AUTHORS_FOR_LATEST.join(
+ ', '
+ )}`
+ );
+ }
+ }
 
  if (options.dryRun) {
  console.warn('Not Publishing because --dryRun was passed');