A GitHub Action that verifies whether an issue or pull request was created by a human. Supports auto-closing and tagging of unverified submissions.
-> Test Here
name: Bot Check
on:
issues:
types: [opened]
pull_request:
types: [opened]
repository_dispatch:
types: [bot-check]
jobs:
bot-check:
runs-on: ubuntu-latest
# required configuration when using secrets.GITHUB_TOKEN as the comment-account-token
# permissions:
# issues: write
# pull-requests: write
steps:
- uses: dohyeon5626/bot-check-action@main
with:
personal-access-token: ${{ secrets.BOT_CHECK_TOKEN }}
comment-account-token: ${{ secrets.GITHUB_TOKEN }}
auto-close: 'true'
tag: 'bot'
verification-timeout: '10'
trusted-permission: 'write'
allowed-users: 'alice,bob'
first-time-only: 'true'| Input | Required | Default | Description |
|---|---|---|---|
personal-access-token |
✅ | — | Personal access token used to call the verification API. |
comment-account-token |
❌ | personal-access-token |
Token for the account that posts comments. If not set, personal-access-token is used. |
auto-close |
❌ | false |
Automatically close the issue or PR if verification fails. |
tag |
❌ | '' |
Label to add to the issue or PR if verification fails. The label must already exist in the repository. |
verification-timeout |
❌ | 5 |
Verification link expiration time in minutes. (5~60) |
trusted-permission |
❌ | '' |
Minimum permission level to skip verification. One of: read, write, admin. Leave empty to require verification from everyone. |
allowed-users |
❌ | '' |
Comma-separated list of usernames to skip verification (e.g. alice,bob). |
first-time-only |
❌ | false |
If true, only first-time contributors are required to verify. Returning contributors are skipped. |
Works with Bot Check Page, Serverless Functions
