Merge branch 'fossjunkie/internal-ci-checks' into fossjunkie-patch-1

Co-authored-by: Arthur Baars <aibaars@github.com>

.github/workflows/internal-ci-checks.yml

@@ -0,0 +1,31 @@
+name: Internal CI Checks
+# This workflows checks if the author of a PR is a member of the CodeQL team
+# and adds `ready-for-internal-ci` label to trigger the internal CI
+
+on:
+  pull_request_target:
+
+jobs:
+  set-label:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set a label to trigger internal CI checks
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          USERNAME: ${{ github.event.pull_request.user.login }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          LABEL: "ready-for-internal-ci"
+        run: |
+          set +eo pipefail
+          echo "Testing API calls"
+          gh api -i /repos/github/codeql
+          echo "Checking if user $USERNAME is a member of the CodeQL team"
+          gh api -H "Accept: application/vnd.github+json" /orgs/github/teams/codeql/memberships/$USERNAME > /dev/null 2>&1
+          if [ "$?" == 0 ]; then
+              echo "User $USERNAME is a member of the CodeQL team"
+              echo "Adding '${LABEL}' label"
+              gh pr edit "${PR_NUMBER}" --repo "$GITHUB_REPOSITORY" --add-label "$LABEL"
+          else
+            echo "User $USERNAME is not a member of the CodeQL team"
+            echo "To trigger the internal CI, a maintainer needs to add the '${LABEL}' label"
+          fi

README.md

@@ -1,5 +1,7 @@
 # CodeQL
 
+
+
 This open source repository contains the standard CodeQL libraries and queries that power [GitHub Advanced Security](https://github.com/features/security/code) and the other application security products that [GitHub](https://github.com/features/security/) makes available to its customers worldwide.
 
 ## How do I learn CodeQL and run queries?