Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add secure pr build triggers. #249

Merged
merged 1 commit into from
Aug 3, 2023
Merged

Add secure pr build triggers. #249

merged 1 commit into from
Aug 3, 2023

Conversation

HumairAK
Copy link
Contributor

@HumairAK HumairAK commented Aug 3, 2023

The issue resolved by this Pull Request:

Related ##243

Description of your changes:

GH does not allow PR workflows to access secrets (for obvious reasons). This pr proposes a secure way to execute pr image builds in an unprivileged environment. Workflows triggered via workflow_run event are always triggered from default branch, as such can access repository tickets.

Testing instructions

Tested with a fork pr here.
Triggered workflow when pr closed: 1
Triggered work when pr opened: 2

Checklist

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 3, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from humairak. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@HumairAK
Add secure pr build triggers.
a15f084 
Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>
gmfrasca
gmfrasca reviewed Aug 3, 2023
View reviewed changes
Copy link
Member

@gmfrasca gmfrasca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Aug 3, 2023
@HumairAK HumairAK merged commit 03666a0 into opendatahub-io:main Aug 3, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gmfrasca gmfrasca gmfrasca left review comments

@gregsheremeta gregsheremeta Awaiting requested review from gregsheremeta

@rimolive rimolive Awaiting requested review from rimolive

Assignees

@gmfrasca gmfrasca

Labels
lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@HumairAK @gmfrasca