Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deployment preview workflow #203

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Deployment preview workflow #203

wants to merge 7 commits into from

Conversation

shubhusion
Copy link
Contributor

@shubhusion shubhusion commented May 28, 2024
edited
Loading

Summary of Changes

Created a new yml file and updated workflow

Related Issue

Closes #91

Checklist

  • I have read and followed the project's contribution guidelines, including code style and commit message conventions.
  • My code is well-documented, and I've updated relevant documentation.
  • I have added or updated test cases to ensure the code's functionality.
  • I have tested these changes on my local environment.
  • All tests pass, and there are no new linting errors.
  • I have reviewed and proofread my code and the changes.
  • The branch is up-to-date with the base branch.

Screenshots (if applicable)

Attach any screenshots or images related to the changes.

Additional Context

Add any additional context or information that might be helpful for reviewers.

Reviewer(s)

@Abhijay007 @jhdalek55

@argos-ci Argos CI
Copy link

argos-ci bot commented May 28, 2024
edited
Loading

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build Status Details Updated (UTC)
default (Inspect) ✅ Reference build (Review) 1 changed May 28, 2024, 9:57 AM

@shubhusion
Copy link
Contributor Author

shubhusion commented May 28, 2024
edited
Loading

It seems Github-action-bot do not have access to make changes in the repo. I am getting an error in that line.

image

@Abhijay007 Abhijay007 requested a review from hexsecs May 28, 2024 08:58
@Abhijay007
Copy link
Collaborator

It seems Github-action-bot do not have access to make changes in the repo. I am getting an error in that line.

Seems like a permission error, maybe need to config a new GitHub token, cc: @hexsecs, @tkfu

@shubhusion
Copy link
Contributor Author

@hexsecs please review this PR

@Abhijay007 Abhijay007 requested a review from tkfu June 7, 2024 02:57
@hexsecs
Copy link
Member

hexsecs commented Jun 18, 2024

We need to investigate how to make this secure. We don't want to allow anyone to arbitrarily publish to the uptane.org domain by issuing a pull request.

1 similar comment
@hexsecs
Copy link
Member

hexsecs commented Jun 18, 2024
edited
Loading

We need to investigate how to make this secure. We don't want to allow anyone to arbitrarily publish to the uptane.org domain by issuing a pull request.

@tkfu
Copy link
Member

tkfu commented Aug 27, 2024

I missed this one when it first came around. The security part can be solved by a setting in the repository permissions @hexsecs :

image

We already have it set so that a PR from a first-time contributor won't automatically trigger any workflows; we can potentially tighten it up more so that it requires manual approval to run all workflows for external contributors. I think I'm ok with the risk profile of our current setting.

@tkfu
Copy link
Member

tkfu commented Aug 27, 2024

Github posted a blog about this a couple years ago when they introduced the feature: https://github.blog/open-source/maintainers/github-actions-update-helping-maintainers-combat-bad-actors/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hexsecs hexsecs Awaiting requested review from hexsecs

@tkfu tkfu Awaiting requested review from tkfu

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature Request : Deployment preview Workflow/GHA
4 participants
@shubhusion @Abhijay007 @hexsecs @tkfu