[llvm] [CI] Make email check workflow fail when author's email is private in Github UI (PR #148694)

Udit Kumar Agarwal via llvm-commits llvm-commits at lists.llvm.org
Tue Jul 15 10:55:16 PDT 2025 

https://github.com/uditagarwal97 updated https://github.com/llvm/llvm-project/pull/148694

>From bbde668c3d6110fe03fb4f182ec0acbfefde5924 Mon Sep 17 00:00:00 2001
From: "Agarwal, Udit" <udit.agarwal at intel.com>
Date: Thu, 10 Jul 2025 21:10:36 +0200
Subject: [PATCH 1/4] Fix workflow

Signed-off-by: Agarwal, Udit <udit.agarwal at intel.com>
---
 .github/workflows/email-check.yaml | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 904ad718f97dd..9907f9d198470 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -4,6 +4,7 @@ on:
   pull_request:
     types:
       - opened
+      - reopened
 
 permissions:
   contents: read
@@ -20,14 +21,33 @@ jobs:
 
       - name: Extract author email
         id: author
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          git log -1
-          echo "EMAIL=$(git show -s --format='%ae' HEAD~0)" >> $GITHUB_OUTPUT
+          # Use Github GraphQL APIs to get the email associated with the PR author.
+          query='
+          query($login: String!) {
+            user(login: $login) {
+              email
+            }
+          }'
+
+          PR_AUTHOR=${{ github.event.pull_request.user.login }}
+
+          email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GITHUB_TOKEN" --jq '.data.user.email')
+          echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT"
+
+          # Print the email to the log for debugging purposes.
+          echo "GitHub user's email: $email"
+
           # Create empty comment file
           echo "[]" > comments
 
+      # When EMAIL_AUTHOR_GH_UI is NULL, author's email is hidden in GitHub UI.
+      # In this case, we warn the user to turn off "Keep my email addresses private"
+      # setting in their account.
       - name: Validate author email
-        if: ${{ endsWith(steps.author.outputs.EMAIL, 'noreply.github.com')  }}
+        if: ${{ steps.author.outputs.EMAIL_AUTHOR_GH_UI == '' }}
         env:
           COMMENT: >-
             ⚠️ We detected that you are using a GitHub private e-mail address to contribute to the repo.<br/>

>From 65d0964f39eaedaa1530ea39b12609f4dc2bfed3 Mon Sep 17 00:00:00 2001
From: Udit Kumar Agarwal <udit.agarwal at intel.com>
Date: Tue, 15 Jul 2025 10:38:56 -0700
Subject: [PATCH 2/4] Apply suggestions from code review

---
 .github/workflows/email-check.yaml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 9907f9d198470..b197f75cf2a12 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -24,7 +24,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          # Use Github GraphQL APIs to get the email associated with the PR author.
+          # Use Github GraphQL APIs to get the email associated with the PR author because this takes into account the GitHub settings for email privacy.
           query='
           query($login: String!) {
             user(login: $login) {
@@ -37,9 +37,6 @@ jobs:
           email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GITHUB_TOKEN" --jq '.data.user.email')
           echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT"
 
-          # Print the email to the log for debugging purposes.
-          echo "GitHub user's email: $email"
-
           # Create empty comment file
           echo "[]" > comments
 

>From 1353f1bb1fe0b9d8f5c96511a3c6a87d5a0a04f2 Mon Sep 17 00:00:00 2001
From: Udit Kumar Agarwal <udit.agarwal at intel.com>
Date: Tue, 15 Jul 2025 10:45:35 -0700
Subject: [PATCH 3/4] add print again to see if changing public email changes
 the email returned by GraphQL

---
 .github/workflows/email-check.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index b197f75cf2a12..4c85ed79a57a3 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -37,6 +37,9 @@ jobs:
           email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GITHUB_TOKEN" --jq '.data.user.email')
           echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT"
 
+          # Print the email to the log for debugging purposes.
+          echo "GitHub user's email: $email"
+
           # Create empty comment file
           echo "[]" > comments
 

>From 539737a3348e69a55343d0995cf05b6b534fecb4 Mon Sep 17 00:00:00 2001
From: Udit Kumar Agarwal <udit.agarwal at intel.com>
Date: Tue, 15 Jul 2025 10:55:06 -0700
Subject: [PATCH 4/4] Final cleanup

---
 .github/workflows/email-check.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 4c85ed79a57a3..cae4614a088f9 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -4,7 +4,6 @@ on:
   pull_request:
     types:
       - opened
-      - reopened
 
 permissions:
   contents: read
@@ -37,9 +36,6 @@ jobs:
           email=$(gh api graphql -f login="$PR_AUTHOR" -f query="$query" -H "Authorization: Bearer $GITHUB_TOKEN" --jq '.data.user.email')
           echo "EMAIL_AUTHOR_GH_UI=$email" >> "$GITHUB_OUTPUT"
 
-          # Print the email to the log for debugging purposes.
-          echo "GitHub user's email: $email"
-
           # Create empty comment file
           echo "[]" > comments

More information about the llvm-commits mailing list