[21479] Allow runing CI on external contributions

[JesusPoderoso]

Description

This PR adds some logic to the CI to determine if an external contribution triggers the CI. In such a case, the CI avoids using the external/add_label action which is not allowed in external contribution cases.

A deep research on the literature brings some information regarding possible security issues while using pull_request_target CI triggers. As long as we only use the pull_request trigger, there is no need to include manual confirmation from a Collaborator with required permissions, from now on.

NOTE: Adding the skip-ci label as long as the external contributions CI is tested from the following external PR:

• [21479] Allow runing CI on external contributions test #5219

As part of the CI pipelines, this PR needs to be included also in the critical-security-fixes-only 2.6.x supported branch.

@Mergifyio backport 3.0.x 2.14.x 2.10.x 2.6.x

Contributor Checklist

• Commit messages follow the project guidelines.
• The code follows the style guidelines of this project.
• N/A Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
• N/A Any new/modified methods have been properly documented using Doxygen.
• N/A Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
• N/A Changes are backport compatible: they do NOT break ABI nor change library core behavior.
• N/A Changes are API compatible.
• N/A New feature has been added to the versions.md file (if applicable).
• N/A New feature has been documented/Current behavior is correctly described in the documentation.
• Applicable backports have been included in the description.

Reviewer Checklist

• The PR has a milestone assigned.
• The title and description correctly express the PR's purpose.
• Check contributor checklist is correct.
• If this is a critical bug fix, backports to the critical-only supported branches have been requested.
• N/A Check CI results: changes do not issue any warning.
• N/A Check CI results: failing tests are unrelated with the changes.

[MiguelCompany]

@Mergifyio rebase

[mergify]

rebase

✅ Branch has been successfully rebased

[MiguelCompany]

Perhaps we could make a separate workflow for PR labeling?

[MiguelCompany]

Apart from my comments below, this needs a rebase after #5285

[MiguelCompany]

LGTM with green build on #5242

[MiguelCompany]

@Mergifyio backport 3.0.x 2.14.x 2.10.x 2.6.x

[mergify]

backport 3.0.x 2.14.x 2.10.x 2.6.x

✅ Backports have been created

• #5287 [21479] Allow runing CI on external contributions (backport #5220) has been created for branch 3.0.x
• #5288 [21479] Allow runing CI on external contributions (backport #5220) has been created for branch 2.14.x
• #5289 [21479] Allow runing CI on external contributions (backport #5220) has been created for branch 2.10.x
• #5290 [21479] Allow runing CI on external contributions (backport #5220) has been created for branch 2.6.x