-
Notifications
You must be signed in to change notification settings - Fork 774
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[21479] Allow runing CI on external contributions #5220
Conversation
@Mergifyio rebase |
✅ Branch has been successfully rebased |
68b289e
to
206be41
Compare
206be41
to
e924aaa
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps we could make a separate workflow for PR labeling?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apart from my comments below, this needs a rebase after #5285
Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: eProsima <[email protected]>
e924aaa
to
c6ae1fd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with green build on #5242
@Mergifyio backport 3.0.x 2.14.x 2.10.x 2.6.x |
✅ Backports have been created
|
* Refs #21479: Include labeling check Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Keep 'Add label' job only in ubuntu workflow Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Apply rev suggestions Signed-off-by: eProsima <[email protected]> --------- Signed-off-by: JesusPoderoso <[email protected]> Signed-off-by: eProsima <[email protected]> (cherry picked from commit 2d1e793)
* Refs #21479: Include labeling check Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Keep 'Add label' job only in ubuntu workflow Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Apply rev suggestions Signed-off-by: eProsima <[email protected]> --------- Signed-off-by: JesusPoderoso <[email protected]> Signed-off-by: eProsima <[email protected]> (cherry picked from commit 2d1e793)
* Refs #21479: Include labeling check Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Keep 'Add label' job only in ubuntu workflow Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Apply rev suggestions Signed-off-by: eProsima <[email protected]> --------- Signed-off-by: JesusPoderoso <[email protected]> Signed-off-by: eProsima <[email protected]> (cherry picked from commit 2d1e793)
* Refs #21479: Include labeling check Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Keep 'Add label' job only in ubuntu workflow Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Apply rev suggestions Signed-off-by: eProsima <[email protected]> --------- Signed-off-by: JesusPoderoso <[email protected]> Signed-off-by: eProsima <[email protected]> (cherry picked from commit 2d1e793)
* Refs #21479: Include labeling check Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Keep 'Add label' job only in ubuntu workflow Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Apply rev suggestions Signed-off-by: eProsima <[email protected]> --------- Signed-off-by: JesusPoderoso <[email protected]> Signed-off-by: eProsima <[email protected]> (cherry picked from commit 2d1e793) Co-authored-by: Jesús Poderoso <[email protected]>
* Refs #21479: Include labeling check Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Keep 'Add label' job only in ubuntu workflow Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Apply rev suggestions Signed-off-by: eProsima <[email protected]> --------- Signed-off-by: JesusPoderoso <[email protected]> Signed-off-by: eProsima <[email protected]> (cherry picked from commit 2d1e793) Co-authored-by: Jesús Poderoso <[email protected]>
* Refs #21479: Include labeling check Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Keep 'Add label' job only in ubuntu workflow Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Apply rev suggestions Signed-off-by: eProsima <[email protected]> --------- Signed-off-by: JesusPoderoso <[email protected]> Signed-off-by: eProsima <[email protected]> (cherry picked from commit 2d1e793) Co-authored-by: Jesús Poderoso <[email protected]>
* Refs #21479: Include labeling check Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Keep 'Add label' job only in ubuntu workflow Signed-off-by: JesusPoderoso <[email protected]> * Refs #21479: Apply rev suggestions Signed-off-by: eProsima <[email protected]> --------- Signed-off-by: JesusPoderoso <[email protected]> Signed-off-by: eProsima <[email protected]> (cherry picked from commit 2d1e793) Co-authored-by: Jesús Poderoso <[email protected]>
Description
This PR adds some logic to the CI to determine if an external contribution triggers the CI. In such a case, the CI avoids using the
external/add_label
action which is not allowed in external contribution cases.A deep research on the literature brings some information regarding possible security issues while using
pull_request_target
CI triggers. As long as we only use thepull_request
trigger, there is no need to include manual confirmation from a Collaborator with required permissions, from now on.NOTE: Adding the
skip-ci
label as long as the external contributions CI is tested from the following external PR:As part of the CI pipelines, this PR needs to be included also in the critical-security-fixes-only 2.6.x supported branch.
@Mergifyio backport 3.0.x 2.14.x 2.10.x 2.6.x
Contributor Checklist
versions.md
file (if applicable).Reviewer Checklist