fix(ci): skip autolabeler in PR from forks #1612
Pull request overview
Updates the Autolabeler GitHub Actions workflow to avoid attempting to label pull requests originating from forks (where the GITHUB_TOKEN is read-only), aligning with the removal of pull_request_target triggers.
Changes:
- Add workflow-level `permissions: contents: read`.
- Skip the autolabeler job for fork-based pull requests using a job-level `if` condition.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
Following the recommendation from the SUSE security team, the `pull_request_target` triggers from all our CI files have been removed. However, this trigger is required to allow the autolabeler action to tag PRs from forks. It's not possible to use `pull_request` only, because GitHub by default sets all the permissions to read-only for this trigger, ignoring what is defined in the CI file.

Because of that, this commit updates the autolabeler CI workflow to skip the tagging when the PR came from a fork.

Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #1612 +/- ##
==========================================
+ Coverage 80.42% 80.46% +0.03%
==========================================
Files 127 127
Lines 16411 16411
==========================================
+ Hits 13199 13205 +6
+ Misses 3212 3206 -6
Description
Following the recommendation from the SUSE security team, the `pull_request_target` triggers from all our CI files have been removed. However, this trigger is required to allow the autolabeler action to tag PRs from forks. It's not possible to use `pull_request` only, because GitHub by default sets all the permissions to read-only for this trigger, ignoring what is defined in the CI file.

Because of that, this PR updates the autolabeler CI workflow to skip the tagging when the PR came from a fork.
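A sketch of the workflow shape this PR describes, added here as an illustration and not copied from the project's workflow file. The workflow and job names, the event types, the `example-org/autolabeler-action` reference and its `<full-commit-sha>` pin are placeholders, and the job-level `pull-requests: write` grant is an assumption about what a labeling step needs.

```yaml
# Illustrative only: names and the action reference below are placeholders.
name: Autolabeler

on:
  # pull_request (not pull_request_target): for PRs opened from forks the
  # GITHUB_TOKEN is read-only, whatever the permissions block requests.
  pull_request:
    types: [opened, reopened, synchronize]

# Workflow-level default: every job starts from a read-only token.
permissions:
  contents: read

jobs:
  autolabel:
    # Run only when the PR head branch lives in this repository.
    # For a fork the head repo name differs, so the job is skipped
    # instead of failing on a token that cannot write labels.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    # Assumption: applying labels needs write access to pull requests.
    # The grant is scoped to this job rather than the whole workflow.
    permissions:
      contents: read
      pull-requests: write
    steps:
      # Hypothetical action reference, pinned to a commit SHA placeholder.
      - uses: example-org/autolabeler-action@<full-commit-sha>
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

A skipped job is reported as skipped rather than failed, so fork PRs are not blocked by the labeling step.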