diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml
index 8fd0df0929..68d6c79e45 100644
--- a/.github/workflows/atlantis-image.yml
+++ b/.github/workflows/atlantis-image.yml
@@ -76,7 +76,7 @@ jobs:
 platforms: arm64,arm
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
 # https://github.com/docker/build-push-action/issues/761#issuecomment-1575006515
 with:
 driver-opts: |
@@ -176,7 +176,7 @@ jobs:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
 # https://github.com/docker/build-push-action/issues/761#issuecomment-1575006515
 with:
 driver-opts: |
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 8229b24197..151e394125 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -48,7 +48,7 @@ jobs:
 if: needs.changes.outputs.should-run-tests == 'true'
 name: Tests
 runs-on: ubuntu-24.04
- container: ghcr.io/runatlantis/testing-env:latest@sha256:1d8d06be575ee7cfbc709491fd06a1fc90a48527b0a047543f4bb3da4b53451f
+ container: ghcr.io/runatlantis/testing-env:latest@sha256:6851d4f5dd59bd739e655ad3dd462490f2b809e2cc775f73718e668b260f230c
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
diff --git a/.github/workflows/testing-env-image.yml b/.github/workflows/testing-env-image.yml
index 7400c04dfa..44008e8a8b 100644
--- a/.github/workflows/testing-env-image.yml
+++ b/.github/workflows/testing-env-image.yml
@@ -49,7 +49,7 @@ jobs:
 platforms: arm64,arm
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
 - name: Login to Packages Container registry
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
diff --git a/Dockerfile b/Dockerfile
index 8520679c1a..41d08ccadf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1@sha256:db1ff77fb637a5955317c7a3a62540196396d565f3dd5742e76dddbb6d75c4c5
+# syntax=docker/dockerfile:1@sha256:93bfd3b68c109427185cd78b4779fc82b484b0b7618e36d0f104d4d801e66d25
 # what distro is the image being built for
 ARG ALPINE_TAG=3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
 ARG DEBIAN_TAG=12.8-slim@sha256:1537a6a1cbc4b4fd401da800ee9480207e7dc1f23560c21259f681db56768f63
diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go
index 26d4dc2cc2..8c5d810cca 100644
--- a/server/events/project_command_runner.go
+++ b/server/events/project_command_runner.go
@@ -405,6 +405,9 @@ func (p *DefaultProjectCommandRunner) doApprovePolicies(ctx command.ProjectConte
 } else {
 prjPolicyStatus[i].Approvals = 0
 }
+ // User matches the author and prevent self approve is set to true
+ } else if isOwner && !ignorePolicy && ctx.User.Username == ctx.Pull.Author && policySet.PreventSelfApprove {
+ prjErr = multierror.Append(prjErr, fmt.Errorf("policy set: %s the author of pr %s matches the command commenter user %s - please contact another policy owners to approve failing policies", policySet.Name, ctx.Pull.Author, ctx.User.Username))
 // User is not authorized to approve policy set.
 } else if !ignorePolicy {
 prjErr = multierror.Append(prjErr, fmt.Errorf("policy set: %s user %s is not a policy owner - please contact policy owners to approve failing policies", policySet.Name, ctx.User.Username))
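Review bot: The added `else if isOwner && !ignorePolicy && ... && policySet.PreventSelfApprove` branch in doApprovePolicies only runs when the `if` above it did not match, and that condition lies outside this hunk. If the first branch is still plain `isOwner && !ignorePolicy`, an owner who is also the pull request author is counted as an approver there and this rejection is never reached, so the leading condition needs the same exclusion, e.g. `if isOwner && !ignorePolicy && !(policySet.PreventSelfApprove && ctx.User.Username == ctx.Pull.Author) {`. The match is also an exact string comparison; if the VCS host treats logins case-insensitively, `strings.EqualFold(ctx.User.Username, ctx.Pull.Author)` would be the safer test. A unit test with the author as a policy owner and PreventSelfApprove set would pin the separation-of-duties behaviour, and the message's "another policy owners" should read "another policy owner".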