Skip to content

Commit

Permalink
Allow access to secrets for external contributors (#574)
Browse files Browse the repository at this point in the history
* Allow access to secrets for external contributors

...after requiring manual approval through GitHub Environments

* Protect lint job with GitHub Environments

* Move authorization to a separate job
  • Loading branch information
0x2b3bfa0 authored Jun 4, 2021
1 parent d6ba789 commit df96949
Showing 1 changed file with 16 additions and 5 deletions.
21 changes: 16 additions & 5 deletions .github/workflows/test-deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,23 +4,31 @@ on:
- cron: 0 0 * * *
release:
types: [published]
pull_request:
pull_request_target:
jobs:
authorize:
environment:
${{ (github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != github.repository) &&
'external' || 'internal' }}
runs-on: ubuntu-latest
lint:
needs: authorize
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- uses: actions/setup-node@v2
- run: npm ci
- run: npm run lint
test:
environment:
${{ (github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name != github.repository) &&
'test-external' || 'test-internal' }}
needs: authorize
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- uses: actions/setup-node@v2
- uses: actions/setup-python@v2
- run: pip install tensorboard
Expand All @@ -42,6 +50,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- uses: actions/setup-node@v2
with:
registry-url: https://registry.npmjs.org
Expand Down Expand Up @@ -73,6 +83,7 @@ jobs:
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
fetch-depth: 0
- name: Metadata
id: metadata
Expand Down

0 comments on commit df96949

Please sign in to comment.