workflows: Split new-prs into two workflows

We cannot use the default github token for labeling PRs, because this
will not trigger the PR Subscriber job. However, we weren't allowed to
use a different token via a secret, because secrets aren't allowed
in PR workflows.

The solution is to create two workflows: the first accepts the
pull_request_target event, extracts the PR number, and then starts
the second workflow, which adds the labels to the PRs.

This separation ensures that nothing malicious in the first workflow is
able to access the secret we use in the second workflow.
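
The two-workflow split described in the commit message above, sketched as an added example; this is not the project's own workflow code. Assumptions: the file paths, the artifact name `pr-number`, the secret name `LABEL_TOKEN`, the label `new-pr`, and the use of an artifact plus a `workflow_run` trigger to hand the PR number to the second workflow.

```yaml
# File 1 (hypothetical path): .github/workflows/new-prs.yml
# Unprivileged half: references no secrets, only records the PR number.
name: "New PR"
on:
  pull_request_target:
    types: [opened]
permissions: {}            # the default token gets no scopes here
jobs:
  record-pr:
    runs-on: ubuntu-latest
    steps:
      - name: Save PR number
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: echo "$PR_NUMBER" > pr-number.txt
      - uses: actions/upload-artifact@v4
        with:
          name: pr-number
          path: pr-number.txt
---
# File 2 (hypothetical path): .github/workflows/new-prs-label.yml
# Privileged half: the only place the secret is referenced.
name: "Label new PR"
on:
  workflow_run:
    workflows: ["New PR"]
    types: [completed]
permissions:
  actions: read            # needed to fetch the artifact from the first run
jobs:
  add-label:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: pr-number
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Add label
        env:
          GH_TOKEN: ${{ secrets.LABEL_TOKEN }}   # hypothetical secret name
          GH_REPO: ${{ github.repository }}
        run: |
          pr="$(cat pr-number.txt)"
          # The artifact comes from the unprivileged run: accept digits only.
          case "$pr" in ''|*[!0-9]*) echo "bad PR number" >&2; exit 1 ;; esac
          gh pr edit "$pr" --add-label "new-pr"   # hypothetical label
```

The second workflow treats the artifact as untrusted input and never checks out or executes anything from the pull request, so the secret is only ever exposed to code from the default branch.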