check permissions of user before attempting to create branch (adobe#2985)

Co-authored-by: Robert Snow <[email protected]>

Author: LFDanLu

.github/actions/permissions/action.yml

@@ -0,0 +1,5 @@
+name: 'Check permissions'
+description: 'Checks if commentor has write access or above'
+runs:
+  using: 'node16'
+  main: 'index.js'

.github/actions/permissions/index.js

@@ -0,0 +1,21 @@
+const core = require('@actions/core');
+const github = require('@actions/github');
+
+const octokit = new github.GitHub(process.env.GITHUB_TOKEN);
+run();
+async function run() {
+  const context = github.context;
+  try {
+    // Get permission level of actor
+    const {data} = await octokit.repos.getCollaboratorPermissionLevel({
+      ...context.repo,
+      username: context.actor
+    });
+
+    if (!['admin','write'].includes(data.permission)) {
+      core.setFailed('User doesn\'t have write permissions or higher');
+    }
+  } catch (error) {
+    core.setFailed(error.message);
+  }
+}

.github/workflows/pr-comment.yaml

@@ -18,7 +18,11 @@ jobs:
           node-version: '16'
       - name: install
         run: yarn install
-      - name: Comment contains trigger
+      - name: Check write permissions of commentor
+        uses: ./.github/actions/permissions
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create/update branch for fork PR
         uses: ./.github/actions/branch
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}