Add check for actions triggered by cron #5641
Want to review this pull request? Take a look at this documentation for a step by step guide! From your project repository, check out a new branch and test the changes.
Hi @aramattamara Thank you for the PR which appears to be a failsafe to prevent a GHA from running inadvertently when a dev has authorized a token in their personal repo with the same name as the HfLA token. I agree with you that this is a worthwhile and easy ‘safety’ measure.
For the `schedule-monthly-PREV.yml` file, ideally this will be deleted by PR #5467 before it is scheduled to run again on Nov 1st, but just in case it isn’t, this is an easy solution. Incidentally, to be doubly sure, lines 4 & 5 can be replaced with `workflow_dispatch:`. (Of course, I should have done this from the beginning but I did not think the last PR was going to be active this long.)
For the `schedule-fri-0700.yml`, I don’t believe that the repo check is needed because the `secrets.IN_PROGRESS_COLUMN_ID` only refers to HfLA’s Project Board. Since the personal repos do not know this secret, they won’t trigger the action. For that reason, and since we have not tested to confirm that there are no unexpected results from adding the repo check, I do not believe we should update this GHA (If it ain’t broke…)
For the future, this will be a good reminder to make sure that scopes are set appropriately to prevent individuals from accidentally triggering GHAs - thank you for pointing this out.
If you could make the change(s) to `schedule-monthly-PREV.yml`, I can re-review and merge it.
I will add labels, and if you think of any notes to add to the description for clarification, please do.
Thanks!
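The two safeguards discussed in the comment above, shown as an added example that is not part of the original thread or the project's workflow files. The file names, the repository name `example-org/example-repo`, the cron value, the job names and the step are constructed placeholders.

```yaml
# --- File 1 (hypothetical name: scheduled-task.yml) ---------------------------
# A cron-triggered workflow with a job-level repository check. In a fork or
# personal copy, github.repository is "<user>/<repo>", so the job is skipped
# even if that copy holds a secret with the same name as the upstream one.
name: Scheduled task (constructed example)

on:
  schedule:
    - cron: '0 7 * * 5'        # constructed value: Fridays at 07:00 UTC

permissions:
  contents: read               # least privilege for the default token

jobs:
  scheduled-task:
    # Placeholder repository name; replace with the upstream owner/repo.
    if: github.repository == 'example-org/example-repo'
    runs-on: ubuntu-latest
    steps:
      - name: Do the scheduled work
        run: echo "running in ${{ github.repository }}"

---
# --- File 2 (hypothetical name: retired-task.yml) -----------------------------
# A workflow that should no longer run on a timer: the schedule trigger is
# replaced with workflow_dispatch, so it only runs when started manually.
# The repository check is kept as a second layer.
name: Retired scheduled task (constructed example)

on:
  workflow_dispatch:

permissions:
  contents: read

jobs:
  retired-task:
    if: github.repository == 'example-org/example-repo'
    runs-on: ubuntu-latest
    steps:
      - name: Do the work on demand
        run: echo "manually started in ${{ github.repository }}"
```

A job skipped by the `if:` condition shows as "skipped" in the Actions tab of the fork, which makes it easy to confirm the guard is working.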
Hi @t-will-gillis, thanks for your detailed feedback! I've implemented the changes you suggested in the I also reverted the
Hey @aramattamara Thanks for the changes!
Improves #5639
What changes did you make?
Why did you make the changes (we will use this info to test)?