Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gitspiegel polkadot staging #2695

Merged
merged 2 commits into from
Nov 14, 2023
Merged

Conversation

svyatonik
Copy link
Contributor

@mutantcornholio Could you, please, confirm that those two commits will fix our problem. And the problem is that when we open PRs to polkadot-staging branch, no checks (apart from CLA) are running on that PR. For us it is important to run the same set of checks on PRs to both master and polkadot-staging branches.

Example PRs:

Using a workflow to trigger mirroring instead of a webhook allows us to reuse "Approving workflow runs from public forks" GitHub feature to somewhat protect us from malicious PRs
The first attept to use a workflow to protect GitLab CI from untrusted contributors failed, because GitHub doesn't pass secrets to workflows for PRs that originate from forks. 
 
This uses a different approach: instead of triggerring gitspiegel API directly from the workflow, we're just spawning an empty workflow with a specific path, and gitspiegel listens for `workflow_run` event to start mirroring.  

The idea is the same: for the first-time contributors, running workflows would require manual aciton and that would block mirroring. But this time, we don't need any secrets to make it work.
@svyatonik svyatonik requested a review from a team as a code owner November 14, 2023 09:13
@svyatonik
Copy link
Contributor Author

@mutantcornholio Could you, please, confirm that those two commits will fix our problem. And the problem is that when we open PRs to polkadot-staging branch, no checks (apart from CLA) are running on that PR. For us it is important to run the same set of checks on PRs to both master and polkadot-staging branches.

I think checks from above answers that. So nvm, thank you :)

@svyatonik svyatonik merged commit 03aaab2 into polkadot-staging Nov 14, 2023
1 check passed
@svyatonik svyatonik deleted the gitspiegel-polkadot-staging branch November 14, 2023 09:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants