[21479] Allow runing CI on external contributions (backport #5220) #5287
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![mergify[bot]](https://avatars.githubusercontent.com/in/10562?s=60&v=4){kind=small}
* Refs #21479: Include labeling check Signed-off-by: JesusPoderoso <jesuspoderoso@eprosima.com> * Refs #21479: Keep 'Add label' job only in ubuntu workflow Signed-off-by: JesusPoderoso <jesuspoderoso@eprosima.com> * Refs #21479: Apply rev suggestions Signed-off-by: eProsima <jesuspoderoso@eprosima.com> --------- Signed-off-by: JesusPoderoso <jesuspoderoso@eprosima.com> Signed-off-by: eProsima <jesuspoderoso@eprosima.com> (cherry picked from commit 2d1e793)
7 tasks
JesusPoderoso
approved these changes
Oct 2, 2024
|
CI issues unrelated to the PR. |
JesusPoderoso
added
ready-to-merge
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds some logic to the CI to determine if an external contribution triggers the CI. In such a case, the CI avoids using the
external/add_labelaction which is not allowed in external contribution cases.A deep research on the literature brings some information regarding possible security issues while using
pull_request_targetCI triggers. As long as we only use thepull_requesttrigger, there is no need to include manual confirmation from a Collaborator with required permissions, from now on.NOTE: Adding the
skip-cilabel as long as the external contributions CI is tested from the following external PR:As part of the CI pipelines, this PR needs to be included also in the critical-security-fixes-only 2.6.x supported branch.
@Mergifyio backport 3.0.x 2.14.x 2.10.x 2.6.x
Contributor Checklist
Commit messages follow the project guidelines.
The code follows the style guidelines of this project.
N/A Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
N/A Any new/modified methods have been properly documented using Doxygen.
N/A Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
N/A Changes are backport compatible: they do NOT break ABI nor change library core behavior.
N/A Changes are API compatible.
N/A New feature has been added to the
versions.mdfile (if applicable).N/A New feature has been documented/Current behavior is correctly described in the documentation.
Applicable backports have been included in the description.
Reviewer Checklist
This is an automatic backport of pull request #5220 done by [Mergify](https://mergify.com).