Skip to content

Commit

Permalink
Do NOT use pull_request_target events
Browse files Browse the repository at this point in the history
Just avoid contributions to run ANY tests at all by default.

Instead, testing needs to be excplictly alloed by lebaling the PR
after inspecting it looks sane.
  • Loading branch information
josvazg committed Mar 14, 2024
1 parent ea8efbc commit f14da2d
Showing 1 changed file with 22 additions and 3 deletions.
25 changes: 22 additions & 3 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,6 @@ on:
- '**'
paths-ignore:
- 'docs/**'
pull_request_target:
paths-ignore:
- 'docs/**'
merge_group:
workflow_dispatch:

Expand All @@ -23,19 +20,41 @@ concurrency:
cancel-in-progress: true

jobs:
allowed:
runs-on: ubuntu-latest
# Contributions do NOT run any testing by default, a label is needed to allow testing
if: |
github.event.pull_request.base.repo.full_name == github.event.pull_request.head.repo.full_name ||
contains(github.event.pull_request.labels.*.name, 'safe-to-test') ||
contains(github.event.pull_request.labels.*.name, 'cloud-tests') ||
contains(github.event.pull_request.labels.*.name, 'retest')
steps:
- name: allowed message
run: echo "Allowed to test"

lint:
needs:
- allowed
uses: ./.github/workflows/lint.yaml

validate-manifests:
needs:
- allowed
uses: ./.github/workflows/validate-manifests.yml

unit-tests:
needs:
- allowed
uses: ./.github/workflows/test-unit.yml

check-licenses:
needs:
- allowed
uses: ./.github/workflows/check-licenses.yml

cloud-tests-filter:
needs:
- allowed
uses: ./.github/workflows/cloud-tests-filter.yml

cloud-tests:
Expand Down

0 comments on commit f14da2d

Please sign in to comment.