Grant workflow pull request write permissions and fail job to block merges

Ndiritu · Ndiritu · commit b317b3dfbf62 · 2024-06-03T19:19:19.000+03:00
diff --git a/.github/workflows/metadatachanges.yml b/.github/workflows/metadatachanges.yml
@@ -18,6 +18,8 @@ jobs:
   CheckForMetadataChanges:
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.action != 'closed')
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
@@ -51,6 +53,16 @@ jobs:
             body: body
           })
 
+          await github.rest.pulls.createReview({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: body,
+            pull_number: context.issue.number,
+            event: 'REQUEST_CHANGES'
+          })
+
+          core.setFailed(body)
+
 # [0] https://help.github.com/en/actions/configuring-and-managing-workflows/using-environment-variables
 # [1] https://hub.github.com/hub-pull-request.1.html
 # https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token
