CSPL-4372: Add approval gate workflow and integrate into existing Git… #1654
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…Hub Actions - Created a new approval gate workflow to manage pull request approvals based on author association. - Updated existing workflows to use the approval gate, ensuring that checks are performed before proceeding with build and test jobs. - Changed event trigger from `pull_request` to `pull_request_target` for better security and context handling.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
… SHA reference - Updated all workflows to replace actions/checkout@v2 and actions/checkout@v3 with actions/checkout@v6. - Added support for referencing the merge commit SHA or the current SHA for better consistency in builds.
…ain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…tency and compatibility
…target event - Added branch filters for the pull_request_target event in both build-test-push and prodsec workflows to include 'develop' and 'CSPL-4372-add-approval-gate-exec-in-target'. This enhances security and ensures workflows are triggered only for specified branches.
…and modify approval gate logic - Added branch filters for the `pull_request_target` event to specify 'develop' and 'CSPL-4372-add-approval-gate-exec-in-target'. - Updated the approval gate logic to conditionally set the environment based on the author association of the pull request, enhancing security for external contributors.
…st event - Changed the event trigger from `pull_request_target` to `pull_request`, removing specific branch filters for enhanced flexibility in workflow execution.
- Added an approval gate job to the workflow to manage pull request approvals. - Updated the check-formating job to depend on the approval gate, ensuring that checks are performed before proceeding with formatting steps.
- Enhanced the approval status job in the approval gate workflow by adding a debug statement to echo the pull request details, aiding in troubleshooting and visibility during workflow execution.
- Updated the approval status job in the approval gate workflow to output the pull request details in JSON format, improving visibility and debugging capabilities during workflow execution.
Collaborator
Pull Request Test Coverage Report for Build 20376758279Details
💛 - Coveralls |
…nd upgrade checkout action - Modified all workflows to use the commit SHA output from the approval gate, ensuring consistency in the reference used during the checkout process. - Upgraded the actions/checkout version from v4 to v6 across all workflows for improved performance and compatibility.
kubabuczak
temporarily deployed
to
external-contributor-approval
GitHub Actions
Inactive
…ain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
kubabuczak
temporarily deployed
to
external-contributor-approval
GitHub Actions
Inactive
- Updated the approval gate job to depend on the get-commit-info job, ensuring that commit information is available before proceeding with the approval process.
kubabuczak
temporarily deployed
to
external-contributor-approval
GitHub Actions
Inactive
…lated steps - Commented out the unit-tests job and its dependencies in the build-test-push workflow to streamline the process. - Retained the structure for potential future reactivation of unit tests while maintaining the overall workflow integrity.
kubabuczak
deployed
to
external-contributor-approval
GitHub Actions
Active
…nches for pull requests - Changed the event trigger from `pull_request` to `pull_request_target` with specified branches: 'develop' and 'CSPL-4372-add-approval-gate-exec-in-target', enhancing control over workflow execution.
- Added steps to the approval gate job to retrieve the commit SHA and message from the pull request, improving the workflow's ability to handle commit information effectively. - Updated the environment condition to ensure proper execution based on author association and event type.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…Hub Actions
pull_requesttopull_request_targetfor better security and context handling.Description
What does this PR have in it?
Key Changes
Highlight the updates in specific files
Testing and Verification
How did you test these changes? What automated tests are added?
Related Issues
Jira tickets, GitHub issues, Support tickets...
PR Checklist