Merged
1 change: 1 addition & 0 deletions .github/workflows/release.yml
@@ -16,7 +16,8 @@
schedule:
- cron: "0 0 * * 1"
pull_request:
types: [opened, synchronize, reopened, labeled]

Check warning on line 19 in .github/workflows/release.yml
probelabs / Visor: security (security Issue)

The `release.yml` workflow is triggered on the `pull_request` `labeled` event. This workflow contains a `release` job that is only intended for pushes to the `master` branch, which could lead to unintended behavior or resource consumption if triggered by labeling a pull request. The `release` job includes steps for building and pushing Docker images and creating GitHub releases, which should not run on pull request events.
Raw output
To prevent the `release` job from running on pull request events, add a condition to the job to ensure it only runs on pushes to the `master` branch. The `dep-guard` job already has a condition to run on pull requests, which is correct. Apply a similar, but more restrictive, condition to the `release` job.

```yaml
  release:
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    needs: [linter, test]
    runs-on: ubuntu-latest
```

Check warning on line 19 in .github/workflows/release.yml
probelabs / Visor: performance (performance Issue)

The workflow trigger `labeled` will cause this workflow to run every time any label is added to a pull request. This can lead to excessive, unnecessary workflow executions, consuming CI/CD resources and potentially increasing queue times for other builds. The pull request description states the goal is to trigger for the `deps-reviewed` label specifically.
Raw output
To prevent unnecessary runs, add a condition to the job(s) within this workflow to check if the added label is `deps-reviewed`. This ensures the workflow only proceeds when the specific, intended event occurs.

Example condition for a job:
```yaml
if: github.event.action != 'labeled' || github.event.label.name == 'deps-reviewed'
```
This condition allows the job to run for other pull request events (`opened`, `synchronize`, `reopened`) while restricting the `labeled` event to only the `deps-reviewed` label.

Check warning on line 19 in .github/workflows/release.yml
probelabs / Visor: architecture (architecture Issue)

The `pull_request` trigger is configured to run on the `labeled` event, which will fire every time any label is added to a pull request. The pull request description states the intent is to react specifically to the `deps-reviewed` label. This broad trigger could lead to numerous unnecessary workflow runs, consuming resources and cluttering the Actions tab.
Raw output
Add a condition to the relevant job(s) within this workflow to ensure they only execute for the intended `deps-reviewed` label. A condition like `if: contains(github.event.pull_request.labels.*.name, 'deps-reviewed')` would ensure the job runs only when this specific label is present, which covers both initial PR creation and the `labeled` event.
push:

Check warning on line 20 in .github/workflows/release.yml
probelabs / Visor: quality (performance Issue)

The `pull_request` trigger with type `labeled` will cause this workflow to run every time any label is added to a pull request. According to the pull request description, the intent is to trigger the workflow only for the `deps-reviewed` label. This broad trigger could lead to excessive and unnecessary workflow runs, consuming CI resources.
Raw output
To ensure the workflow only runs when a specific label is added, add a condition to the relevant job(s) in this workflow. For example: `if: github.event.action == 'labeled' && github.event.label.name == 'deps-reviewed'`.
branches:
- master
- release-**
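
Review bot: adding `labeled` to `types: [opened, synchronize, reopened, labeled]` is not enough on its own, because the `on:` block cannot filter on a label name, so the whole workflow now starts for every label applied to a PR, and the hunk shows no job-level `if` that narrows it to `deps-reviewed`. Please gate the job(s) in the same change rather than in a follow-up, and pick one of the Visor suggestions deliberately, since they are not equivalent: `if: github.event.action == 'labeled' && github.event.label.name == 'deps-reviewed'` would also stop the job on `opened`/`synchronize`/`reopened`, whereas `if: github.event.action != 'labeled' || github.event.label.name == 'deps-reviewed'` keeps those events and only narrows the `labeled` one (`github.event.label` is populated only on `labeled`/`unlabeled`, which is why that guard is needed). If the intent is "run once the label is present", `contains(github.event.pull_request.labels.*.name, 'deps-reviewed')` expresses that directly regardless of which event fired. Independently of the label gate, the `release` job that builds and pushes images and creates releases should carry `if: github.event_name == 'push' && github.ref == 'refs/heads/master'` so a PR-triggered run, which also executes in a `pull_request` context with reduced permissions, can never reach those steps.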