chore(deps): bump authlib from 1.7.0 to 1.7.1 in /backend #11
Workflow file for this run
```yaml
name: Close External PRs
# Auto-close pull requests opened by anyone outside the core team.
# SourceBox Sentry is source-available but does not accept external code
# contributions — see CONTRIBUTING.md for details.
on:
  pull_request_target:
    types: [opened, reopened]
permissions:
  pull-requests: write
  issues: write
jobs:
  close:
    runs-on: ubuntu-latest
    # Don't close PRs from:
    #
    #   1. The core team (OWNER / MEMBER / COLLABORATOR by author_association).
    #
    #   2. Any GitHub App / bot (`user.type == 'Bot'`). This covers
    #      Dependabot, GitHub Actions, the GitHub Security Advisory bot,
    #      and any future Claude / AI GitHub App the operator enables on
    #      the repo. Bots come from GitHub Apps that the repo owner has
    #      to deliberately install, so the install itself is the trust
    #      gate — once installed, their PRs should flow through.
    #
    #   3. The explicit `EXTRA_ALLOWLIST` of usernames below. Needed
    #      because Claude Code's GitHub integration opens PRs as the
    #      configured user account (not a bot), and `author_association`
    #      can come back as `CONTRIBUTOR` / `NONE` for the repo owner
    #      themselves when the org/owner relationship doesn't register
    #      on GitHub's contributor graph. Without this, your own
    #      Claude-authored PRs get auto-closed (see PR #9 as an example).
    #
    # Caught two real bugs at once when wiring this up: a high-severity
    # Clerk auth-bypass advisory landed, Dependabot opened the security
    # PR with the patch, and this workflow closed the PR 9 seconds later
    # — leaving master vulnerable until the npm audit CI gate caught it
    # on the next push and blocked the deploy.
    if: |
      !contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.pull_request.author_association) &&
      github.event.pull_request.user.type != 'Bot' &&
      !contains(fromJSON('["Sbussiso"]'), github.event.pull_request.user.login)
    steps:
      - name: Comment and close
        uses: actions/github-script@v7
        with:
          script: |
            const author = context.payload.pull_request.user.login;
            const body = [
              `Hi @${author}, thanks for taking the time to open this PR.`,
              ``,
              `SourceBox Sentry is **source-available under AGPL-3.0** but does not currently accept external code contributions. This PR is being closed automatically — it is not a reflection of the quality of your work.`,
              ``,
              `If you found a bug or have an idea, we would still love to hear about it:`,
              ``,
              `- Bug reports → [Issues](https://github.com/${context.repo.owner}/${context.repo.repo}/issues)`,
              `- Feature ideas / questions → [Discussions](https://github.com/${context.repo.owner}/${context.repo.repo}/discussions)`,
              ``,
              `See [CONTRIBUTING.md](https://github.com/${context.repo.owner}/${context.repo.repo}/blob/master/CONTRIBUTING.md) for the full policy.`,
              ``,
              `Thanks for your interest in SourceBox Sentry.`,
            ].join('\n');
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              body,
            });
            await github.rest.pulls.update({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.payload.pull_request.number,
              state: 'closed',
            });
```
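A local mirror of the `if:` gate above, added here as an example (it is not part of the repository's workflow) so that a change to the policy can be regression-tested against sample payloads before it closes a security PR again. The function names and the sample payloads are constructed for illustration.

```javascript
// Added example: mirrors the three conditions of the workflow's `if:` expression.
const CORE_ASSOCIATIONS = ['OWNER', 'MEMBER', 'COLLABORATOR'];
const EXTRA_ALLOWLIST = ['Sbussiso']; // same list as in the workflow expression

// GitHub Actions' contains() and != compare strings case-insensitively,
// so the mirror lower-cases both sides before comparing.
const eq = (a, b) => String(a).toLowerCase() === String(b).toLowerCase();
const inList = (list, item) => list.some((x) => eq(x, item));

// Takes a pull_request payload object and returns { close, reason }.
// close === true means the workflow's job would run and close the PR.
function gateDecision(pr) {
  if (inList(CORE_ASSOCIATIONS, pr.author_association)) {
    return { close: false, reason: 'core team' };
  }
  if (eq(pr.user.type, 'Bot')) {
    return { close: false, reason: 'bot account' };
  }
  if (inList(EXTRA_ALLOWLIST, pr.user.login)) {
    return { close: false, reason: 'allowlisted login' };
  }
  return { close: true, reason: 'external contributor' };
}

// Constructed payloads (not captured from the repository).
const SAMPLES = {
  // The security-update case: a bot whose author_association is not a core one.
  dependabot: { author_association: 'NONE', user: { login: 'dependabot[bot]', type: 'Bot' } },
  // The owner whose association is reported as CONTRIBUTOR.
  ownerMisreported: { author_association: 'CONTRIBUTOR', user: { login: 'Sbussiso', type: 'User' } },
  collaborator: { author_association: 'COLLABORATOR', user: { login: 'teammate-example', type: 'User' } },
  outsider: { author_association: 'NONE', user: { login: 'outsider-example', type: 'User' } },
};

// Evaluates every sample and returns a map of name -> decision.
function decideAll(samples = SAMPLES) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, pr]) => [name, gateDecision(pr)])
  );
}

console.table(decideAll());
```
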