Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add scripts for trusting PRs from forks to allow CI to run #1512

Merged
merged 12 commits into from
Oct 28, 2024
Merged

ci: add scripts for trusting PRs from forks to allow CI to run #1512

merged 12 commits into from
Oct 28, 2024

Conversation

trevor-coleman
Copy link
Contributor

@trevor-coleman trevor-coleman commented Oct 10, 2024
edited
Loading

Please verify the following:

  • yarn build-and-test:local passes
  • I have added tests for any new features, if relevant
  • README.md (or relevant documentation) has been updated with your changes

Describe your PR

Summary

  • adds the ci:trust script and related docs. to the local repo
  • CircleCI Changes:
    • add the "trust-check" step, to ensure CI doesn't run on untrusted forks
  • Adds github workflows to:
    • push PR changes to a trusted branch then clean up automatically after 2h
    • delete all temp trusted branches with matching branch names

Notes:

  • Based on this article, this config prevents the build-docs action from running on untrusted forks.
  • CI will check if a branch is trusted before running CI
  • Once a branch is trusted, then CI will run
  • The github workflow to create a temp branch will automatically clean up the branch after a couple hours, and a separate action is provided to manually delete all temp branches in case any get left behind.
  • the ci:trust script will need to be cleaned up manually for now -- can maybe automate that with a cron job in github workflows

@trevor-coleman trevor-coleman self-assigned this Oct 10, 2024
@trevor-coleman trevor-coleman added docs 📚 Documentation, tips, and examples. maintenance 🔧 Dependencies, refactoring, tests, and janitor work. labels Oct 10, 2024
@trevor-coleman trevor-coleman mentioned this pull request Oct 10, 2024
Closed
@trevor-coleman trevor-coleman changed the title origin/trevor-coleman/trusted-branch-ci-fix ci: add scripts for trusting PRs from forks to allow CI to run Oct 10, 2024
joshuayoes
joshuayoes approved these changes Oct 28, 2024
View reviewed changes
Copy link
Contributor

@joshuayoes joshuayoes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I gave this a test on #1466 and it works ✅

@joshuayoes joshuayoes merged commit b5fbdb6 into master Oct 28, 2024
3 checks passed
@joshuayoes joshuayoes deleted the trevor-coleman/trusted-branch-ci-fix branch October 28, 2024 17:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshuayoes joshuayoes joshuayoes approved these changes

@frankcalise frankcalise Awaiting requested review from frankcalise

Assignees

@trevor-coleman trevor-coleman

Labels
docs 📚 Documentation, tips, and examples. maintenance 🔧 Dependencies, refactoring, tests, and janitor work.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@trevor-coleman @joshuayoes