How to restrict workflow actions to execute on specific parameters

Hi Team,
I have a requirement where I would like to use workflow_dispatch to trigger a manual workflow with input parameters.
Ex: when it's dev or SIT, everyone can execute,
but when it's the Test/UAT or Prod environment, only specific members of the repository should execute.
How can I achieve this?

It's something like applying ACLs to a workflow to run based on input parameters.

Hi @chaitanya-bojja-by,

You can add a job-level if expression that checks the input value and only allows a specific user to execute the workflow when the value matches. Code as below:

jobs:
  job1:
    if: github.event.inputs.value=='dev' || github.event.inputs.value=='SIT' || ((github.event.inputs.value=='Test' || github.event.inputs.value=='UAT' || github.event.inputs.value=='Prod') && github.actor=='testuser1')

When it’s dev or SIT, every member can trigger the workflow.
When it’s Test, UAT or Prod, only user testuser1 can trigger the workflow.

Thanks

I have a list of users to allow or not to allow.
Is there any way to enter a list of users instead of hard-coding it in the workflow file?

if: github.event.inputs.environment=='dev' || (( github.event.inputs.environment=='test' || github.event.inputs.environment=='Prod') && github.actor=='ram | venkat | naresh')

Assuming that the pipe character cannot occur in the actor name, it should be safe to do:

contains('|ram|venkat|naresh|', format('|{0}|', github.actor))

And also, how can I restrict code checkout based on branch, like:

if env is dev or SIT, then code checkout is from feature branches like
peter/code-change;
if env is test or prod, then code checkout has to be from the master or release branch.

Hi @chaitanya-bojja-by,

You can also add a step-level if expression to actions/checkout:

e.g.:

      - name: checkout
        if: github.event.inputs.value=='dev' || github.event.inputs.value=='SIT'
        uses: actions/checkout@v2
        with:
          ref: peter/code-change

Thanks
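
Added example, not part of any post in this thread: one workflow that combines the job-level gate, the delimited `contains()` allowlist and a branch restriction for test/Prod. The workflow and job names, the `choice` input and the `release` branch prefix are assumptions; the user names and environment values are the ones used in the thread.

```yaml
# Added example. Names "gated-deploy" and "deploy" are hypothetical.
name: gated-deploy
on:
  workflow_dispatch:
    inputs:
      environment:
        description: Target environment
        required: true
        type: choice            # restricts the input to the listed values
        options: [dev, SIT, test, Prod]

jobs:
  deploy:
    runs-on: ubuntu-latest
    # dev/SIT: any actor, any branch.
    # test/Prod: actor must be in the allowlist AND the run must be
    # dispatched from master or a branch starting with "release".
    # Wrapping both sides in '|' makes contains() match whole names only;
    # without it, a substring of an allowed name would also match.
    # contains() and == compare strings case-insensitively.
    if: >-
      contains('|dev|SIT|', format('|{0}|', github.event.inputs.environment)) ||
      (
      contains('|test|Prod|', format('|{0}|', github.event.inputs.environment)) &&
      contains('|ram|venkat|naresh|', format('|{0}|', github.actor)) &&
      (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release'))
      )
    steps:
      # With no "ref" given, checkout uses the ref the run was dispatched
      # from, which the job-level condition has already validated.
      - name: checkout
        uses: actions/checkout@v2
      # Pass context values through env instead of interpolating them
      # into the script text.
      - name: show context
        env:
          TARGET: ${{ github.event.inputs.environment }}
          ACTOR: ${{ github.actor }}
        run: echo "deploying $GITHUB_REF to $TARGET as $ACTOR"
```

Because this condition lives in the workflow file, it is only as strong as the protection on the branches the workflow can be dispatched from. GitHub environments with required reviewers enforce the same restriction outside the file.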