.

.github/check-pr-base.js

@@ -0,0 +1,20 @@
+module.exports = async ({github, context}) => {
+  const pr = await github.rest.pulls.get({
+    owner: context.payload.repository.owner.login,
+    repo: context.payload.repository.name,
+    pull_number: context.payload.number,
+  });
+
+  const shouldWarn = pr.base.ref == "main" && pr.head.ref != "staging"
+
+  if (shouldWarn) {
+    octokit.rest.issues.createComment({
+      owner: context.payload.repository.owner.login,
+      repo: context.payload.repository.name,
+      issue_number: context.payload.number,
+      body: `This PR is targeting the 'main' branch but did not originate from 'staging', please make sure this intentional`,
+    });
+  }
+
+  return shouldWarn
+}

.github/workflows/check-base-branch.yml

@@ -0,0 +1,28 @@
+name: Warn on PRs to main branch
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+    branches:
+      - main
+
+jobs:
+  check-pr-base:
+    permissions:
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+
+      - name: Validate PR head and base branches
+        uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6.3.3
+        id: validate-pr-base
+        with:
+          result-encoding: string
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const script = require('.github/check-pr-base.js')
+            return await script({github, context})