Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[21479] Allow runing CI on external contributions #5220

Merged
merged 3 commits into from
Oct 2, 2024

Conversation

JesusPoderoso
Copy link
Contributor

@JesusPoderoso JesusPoderoso commented Sep 10, 2024

Description

This PR adds some logic to the CI to determine if an external contribution triggers the CI. In such a case, the CI avoids using the external/add_label action which is not allowed in external contribution cases.

A deep research on the literature brings some information regarding possible security issues while using pull_request_target CI triggers. As long as we only use the pull_request trigger, there is no need to include manual confirmation from a Collaborator with required permissions, from now on.

NOTE: Adding the skip-ci label as long as the external contributions CI is tested from the following external PR:

As part of the CI pipelines, this PR needs to be included also in the critical-security-fixes-only 2.6.x supported branch.

@Mergifyio backport 3.0.x 2.14.x 2.10.x 2.6.x

Contributor Checklist

  • Commit messages follow the project guidelines.
  • The code follows the style guidelines of this project.
  • N/A Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
  • N/A Any new/modified methods have been properly documented using Doxygen.
  • N/A Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
  • N/A Changes are backport compatible: they do NOT break ABI nor change library core behavior.
  • N/A Changes are API compatible.
  • N/A New feature has been added to the versions.md file (if applicable).
  • N/A New feature has been documented/Current behavior is correctly described in the documentation.
  • Applicable backports have been included in the description.

Reviewer Checklist

  • The PR has a milestone assigned.
  • The title and description correctly express the PR's purpose.
  • Check contributor checklist is correct.
  • If this is a critical bug fix, backports to the critical-only supported branches have been requested.
  • N/A Check CI results: changes do not issue any warning.
  • N/A Check CI results: failing tests are unrelated with the changes.

@JesusPoderoso JesusPoderoso added the skip-ci Automatically pass CI label Sep 10, 2024
@JesusPoderoso JesusPoderoso added this to the v3.0.2 milestone Sep 10, 2024
@JesusPoderoso JesusPoderoso self-assigned this Sep 10, 2024
@JesusPoderoso JesusPoderoso added the needs-review PR that is ready to be reviewed label Sep 10, 2024
@MiguelCompany
Copy link
Member

@Mergifyio rebase

Copy link
Contributor

mergify bot commented Sep 18, 2024

rebase

✅ Branch has been successfully rebased

Copy link
Member

@MiguelCompany MiguelCompany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps we could make a separate workflow for PR labeling?

@MiguelCompany MiguelCompany modified the milestones: v3.0.2, v3.1.0 Oct 2, 2024
Copy link
Member

@MiguelCompany MiguelCompany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apart from my comments below, this needs a rebase after #5285

.github/workflows/reusable-ubuntu-ci.yml Outdated Show resolved Hide resolved
.github/workflows/ubuntu-ci.yml Outdated Show resolved Hide resolved
@MiguelCompany MiguelCompany removed the needs-review PR that is ready to be reviewed label Oct 2, 2024
Copy link
Member

@MiguelCompany MiguelCompany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with green build on #5242

@MiguelCompany
Copy link
Member

@Mergifyio backport 3.0.x 2.14.x 2.10.x 2.6.x

Copy link
Contributor

mergify bot commented Oct 2, 2024

backport 3.0.x 2.14.x 2.10.x 2.6.x

✅ Backports have been created

@MiguelCompany MiguelCompany merged commit 2d1e793 into master Oct 2, 2024
3 checks passed
@MiguelCompany MiguelCompany deleted the feature/allow_external_CI branch October 2, 2024 11:00
mergify bot pushed a commit that referenced this pull request Oct 2, 2024
* Refs #21479: Include labeling check

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Keep 'Add label' job only in ubuntu workflow

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Apply rev suggestions

Signed-off-by: eProsima <[email protected]>

---------

Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: eProsima <[email protected]>
(cherry picked from commit 2d1e793)
mergify bot pushed a commit that referenced this pull request Oct 2, 2024
* Refs #21479: Include labeling check

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Keep 'Add label' job only in ubuntu workflow

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Apply rev suggestions

Signed-off-by: eProsima <[email protected]>

---------

Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: eProsima <[email protected]>
(cherry picked from commit 2d1e793)
mergify bot pushed a commit that referenced this pull request Oct 2, 2024
* Refs #21479: Include labeling check

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Keep 'Add label' job only in ubuntu workflow

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Apply rev suggestions

Signed-off-by: eProsima <[email protected]>

---------

Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: eProsima <[email protected]>
(cherry picked from commit 2d1e793)
mergify bot pushed a commit that referenced this pull request Oct 2, 2024
* Refs #21479: Include labeling check

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Keep 'Add label' job only in ubuntu workflow

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Apply rev suggestions

Signed-off-by: eProsima <[email protected]>

---------

Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: eProsima <[email protected]>
(cherry picked from commit 2d1e793)
JesusPoderoso added a commit that referenced this pull request Oct 3, 2024
* Refs #21479: Include labeling check

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Keep 'Add label' job only in ubuntu workflow

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Apply rev suggestions

Signed-off-by: eProsima <[email protected]>

---------

Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: eProsima <[email protected]>
(cherry picked from commit 2d1e793)

Co-authored-by: Jesús Poderoso <[email protected]>
MiguelCompany pushed a commit that referenced this pull request Oct 3, 2024
* Refs #21479: Include labeling check

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Keep 'Add label' job only in ubuntu workflow

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Apply rev suggestions

Signed-off-by: eProsima <[email protected]>

---------

Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: eProsima <[email protected]>
(cherry picked from commit 2d1e793)

Co-authored-by: Jesús Poderoso <[email protected]>
MiguelCompany pushed a commit that referenced this pull request Oct 3, 2024
* Refs #21479: Include labeling check

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Keep 'Add label' job only in ubuntu workflow

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Apply rev suggestions

Signed-off-by: eProsima <[email protected]>

---------

Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: eProsima <[email protected]>
(cherry picked from commit 2d1e793)

Co-authored-by: Jesús Poderoso <[email protected]>
MiguelCompany pushed a commit that referenced this pull request Oct 3, 2024
* Refs #21479: Include labeling check

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Keep 'Add label' job only in ubuntu workflow

Signed-off-by: JesusPoderoso <[email protected]>

* Refs #21479: Apply rev suggestions

Signed-off-by: eProsima <[email protected]>

---------

Signed-off-by: JesusPoderoso <[email protected]>
Signed-off-by: eProsima <[email protected]>
(cherry picked from commit 2d1e793)

Co-authored-by: Jesús Poderoso <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
skip-ci Automatically pass CI
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants