Bump eslint-plugin-jsdoc from 61.1.11 to 61.1.12 #1228

	name: System file changes

	on:
	pull_request_target:
	branches:
	- main
	paths:
	- "**"
	- "!**.md"
	- "!api/**.json"
	- "!browsers/**.json"
	- "!css/**.json"
	- "!html/**.json"
	- "!http/**.json"
	- "!javascript/**.json"
	- "!manifests/**.json"
	- "!mathml/**.json"
	- "!svg/**.json"
	- "!webassembly/**.json"
	- "!webdriver/**.json"
	- "!webextensions/**.json"

	# No GITHUB_TOKEN permissions, as we don't use it.
	permissions: {}

	jobs:
	block:
	# This makes sure it only runs on our origin repo
	# and makes exceptions for Dependabot and mdn-bot.
	if: github.repository_owner == 'mdn' && github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.user.login != 'mdn-bot'
	runs-on: ubuntu-latest
	steps:
	- name: Block if author/actor is not admin or BCD owner
	env:
	ACTOR: ${{ github.actor }}
	AUTHOR: ${{ github.event.pull_request.user.login }}
	GH_TOKEN: ${{ secrets.ORG_PAT }}
	run: \|
	is_admin_or_owner() {
	local user="$1"
	echo "Checking user: $user"

	local perm
	perm=$(gh api "repos/mdn/browser-compat-data/collaborators/$user/permission" --jq .permission 2> /dev/null \|\| true)

	if [ "$perm" = "admin" ]; then
	return 0
	fi

	local state
	state=$(gh api "orgs/mdn/teams/bcd-owners/memberships/$user" --jq .state 2> /dev/null \|\| true)

	if [ "$state" = "active" ]; then
	return 0
	fi

	echo "User ($user) is not an admin, and not a BCD owner; please ping someone for a review."
	exit 1
	}

	# Check PR author.
	is_admin_or_owner "$AUTHOR"

	# Check actor.
	if [ "$ACTOR" != "$AUTHOR" ]; then
	is_admin_or_owner "$ACTOR"
	fi

Provide feedback