[llvm] [CI] Make email check workflow fail when author's email is private in Github UI (PR #148694)
Udit Kumar Agarwal via llvm-commits
llvm-commits at lists.llvm.org
Mon Jul 14 14:48:56 PDT 2025
https://github.com/uditagarwal97 updated https://github.com/llvm/llvm-project/pull/148694
>From 857291f5191c97a7889becc29c3a16e665f96424 Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Thu, 10 Jul 2025 21:10:36 +0200
Subject: [PATCH 01/11] Fix workflow
Signed-off-by: Agarwal, Udit <udit.agarwal at intel.com>
---
.github/workflows/email-check.yaml | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 904ad718f97dd..35cbcd3c810eb 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -26,8 +26,11 @@ jobs:
# Create empty comment file
echo "[]" > comments
+ # If author's email is hidden in GH's settings, github.event.pull_request.user.email
+ # will be null and PR will be authored by noreply.github.com.
- name: Validate author email
- if: ${{ endsWith(steps.author.outputs.EMAIL, 'noreply.github.com') }}
+ if: endsWith(steps.author.outputs.EMAIL, 'noreply.github.com') ||
+ github.event.pull_request.user.email == ''
env:
COMMENT: >-
⚠️ We detected that you are using a GitHub private e-mail address to contribute to the repo.<br/>
@@ -39,6 +42,9 @@ jobs:
[{"body" : "$COMMENT"}]
EOF
+ # Fail this job.
+ false
+
- uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
if: always()
with:
>From 5aaf23af32d09fc268e3d304e385433e5ddc595a Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 20:31:51 +0200
Subject: [PATCH 02/11] add debug
---
.github/workflows/email-check.yaml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 35cbcd3c810eb..1fc50a904ec32 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -42,6 +42,9 @@ jobs:
[{"body" : "$COMMENT"}]
EOF
+ echo steps.author.outputs.EMAIL
+ echo "$(github.event.pull_request.user.email)"
+
# Fail this job.
false
>From ab60985699986c2a423a8dbff472153003f6b269 Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 20:35:18 +0200
Subject: [PATCH 03/11] add edited trigger
---
.github/workflows/email-check.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 1fc50a904ec32..69363773c0bc0 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -4,6 +4,7 @@ on:
pull_request:
types:
- opened
+ - edited
permissions:
contents: read
>From 0deca03582c7b5b6bd31f939284debe28c68476f Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 20:39:43 +0200
Subject: [PATCH 04/11] fix trigger
---
.github/workflows/email-check.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 69363773c0bc0..658d922c6c3a8 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -4,7 +4,7 @@ on:
pull_request:
types:
- opened
- - edited
+ - synchronize
permissions:
contents: read
>From 4cc11b53629235dca9acdb5cbfa227663275f6bd Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 20:43:02 +0200
Subject: [PATCH 05/11] fix debug log
---
.github/workflows/email-check.yaml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 658d922c6c3a8..6bb00ea232a32 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -43,8 +43,9 @@ jobs:
[{"body" : "$COMMENT"}]
EOF
- echo steps.author.outputs.EMAIL
- echo "$(github.event.pull_request.user.email)"
+ # Print the email to the log for debugging purposes.
+ echo "Author's email: ${steps.author.outputs.EMAIL}"
+ echo "GitHub user's email: ${github.event.pull_request.user.email}"
# Fail this job.
false
>From 7481f60f42ca5be3c1d8ea24cdce4274ea5e788c Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 20:56:30 +0200
Subject: [PATCH 06/11] fix debug log
---
.github/workflows/email-check.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 6bb00ea232a32..845b415d4157d 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -44,8 +44,8 @@ jobs:
EOF
# Print the email to the log for debugging purposes.
- echo "Author's email: ${steps.author.outputs.EMAIL}"
- echo "GitHub user's email: ${github.event.pull_request.user.email}"
+ echo "Author's email: ${{ steps.author.outputs.EMAIL }}"
+ echo "GitHub user's email: ${{ github.event.pull_request.user.email }}"
# Fail this job.
false
>From 7185bd0be40d3b6602ec86a935eff3756e008fa9 Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 21:50:00 +0200
Subject: [PATCH 07/11] try allowing workflow to read PR
---
.github/workflows/email-check.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 845b415d4157d..86a9fedbeba23 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -8,6 +8,7 @@ on:
permissions:
contents: read
+ pull_requests: read
jobs:
validate_email:
>From 6aea0405ef5c0eb3d844116db07ccedacd5772c7 Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 21:51:18 +0200
Subject: [PATCH 08/11] try allowing workflow to read PR
---
.github/workflows/email-check.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 86a9fedbeba23..98f0e10a762e8 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -8,7 +8,7 @@ on:
permissions:
contents: read
- pull_requests: read
+ pull-requests: read
jobs:
validate_email:
>From d8e1b1042eadad7edb4842df9d0b23a72a0b7c89 Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 21:57:30 +0200
Subject: [PATCH 09/11] try allowing workflow to read PR
---
.github/workflows/email-check.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 98f0e10a762e8..dd4880b441a94 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -6,14 +6,13 @@ on:
- opened
- synchronize
-permissions:
- contents: read
- pull-requests: read
-
jobs:
validate_email:
runs-on: ubuntu-24.04
if: github.repository == 'llvm/llvm-project'
+ permissions:
+ pull-requests: read
+ contents: read
steps:
- name: Fetch LLVM sources
uses: actions/checkout at 11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -47,6 +46,7 @@ jobs:
# Print the email to the log for debugging purposes.
echo "Author's email: ${{ steps.author.outputs.EMAIL }}"
echo "GitHub user's email: ${{ github.event.pull_request.user.email }}"
+ echo "GitHub user's login: ${{ github.event.pull_request.user.login }}"
# Fail this job.
false
>From ab21f217f6da24fcf366991ebda1a1a91d756ffa Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 23:31:14 +0200
Subject: [PATCH 10/11] Try adding GH_TOKEN
---
.github/workflows/email-check.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index dd4880b441a94..4e4c5499b7663 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -33,6 +33,7 @@ jobs:
if: endsWith(steps.author.outputs.EMAIL, 'noreply.github.com') ||
github.event.pull_request.user.email == ''
env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COMMENT: >-
⚠️ We detected that you are using a GitHub private e-mail address to contribute to the repo.<br/>
Please turn off [Keep my email addresses private](https://github.com/settings/emails) setting in your account.<br/>
>From 26dc86e543f327977c7f2602c2218b571d189d4f Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Mon, 14 Jul 2025 23:48:24 +0200
Subject: [PATCH 11/11] Try using GH's GraphQL API
---
.github/workflows/email-check.yaml | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 4e4c5499b7663..66fc3108557eb 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -21,9 +21,16 @@ jobs:
- name: Extract author email
id: author
+ env:
+ PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git log -1
echo "EMAIL=$(git show -s --format='%ae' HEAD~0)" >> $GITHUB_OUTPUT
+
+ email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GH_TOKEN" --jq '.data.user.email')
+ echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT"
+
# Create empty comment file
echo "[]" > comments
@@ -31,9 +38,8 @@ jobs:
# will be null and PR will be authored by noreply.github.com.
- name: Validate author email
if: endsWith(steps.author.outputs.EMAIL, 'noreply.github.com') ||
- github.event.pull_request.user.email == ''
+ endsWith(steps.author.outputs.EMAIL_AUTHOR_GH_UI, 'noreply.github.com')
env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COMMENT: >-
⚠️ We detected that you are using a GitHub private e-mail address to contribute to the repo.<br/>
Please turn off [Keep my email addresses private](https://github.com/settings/emails) setting in your account.<br/>
@@ -46,8 +52,7 @@ jobs:
# Print the email to the log for debugging purposes.
echo "Author's email: ${{ steps.author.outputs.EMAIL }}"
- echo "GitHub user's email: ${{ github.event.pull_request.user.email }}"
- echo "GitHub user's login: ${{ github.event.pull_request.user.login }}"
+ echo "GitHub user's email: ${{ steps.author.outputs.EMAIL_AUTHOR_GH_UI }}"
# Fail this job.
false
More information about the llvm-commits
mailing list