You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PRs from forks need explicit approval before GH actions are executed. This can be blocking and tedious for the maintenance team. I aim to foster a brief discussion around this as some of the maintenance team wondered why they must approve GH actions.
There are several ways on how to change this:
Go to your repository's Settings
Click on "Actions" under "Code and automation" in the left sidebar
Scroll down to "Fork pull request workflows"
You'll find three options:
"Require approval for all outside collaborators"
"Require approval for first-time contributors"
"Allow all actions and reusable workflows"
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
PRs from forks need explicit approval before GH actions are executed. This can be blocking and tedious for the maintenance team. I aim to foster a brief discussion around this as some of the maintenance team wondered why they must approve GH actions.
There are several ways on how to change this:
Go to your repository's Settings
Click on "Actions" under "Code and automation" in the left sidebar
Scroll down to "Fork pull request workflows"
You'll find three options:
"Require approval for all outside collaborators"
"Require approval for first-time contributors"
"Allow all actions and reusable workflows"
or by adding
permissions:
actions: write
contents: read
pull-requests: write
To the ci yaml.
I think "Require approval for first-time contributors" is a good option to protect the project maintainers against PR DDOSes.
Beta Was this translation helpful? Give feedback.
All reactions