CSPL-4372: Add approval gate workflow and integrate into existing Git… #1654
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…Hub Actions - Created a new approval gate workflow to manage pull request approvals based on author association. - Updated existing workflows to use the approval gate, ensuring that checks are performed before proceeding with build and test jobs. - Changed event trigger from `pull_request` to `pull_request_target` for better security and context handling.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
… SHA reference - Updated all workflows to replace actions/checkout@v2 and actions/checkout@v3 with actions/checkout@v6. - Added support for referencing the merge commit SHA or the current SHA for better consistency in builds.
…ain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…tency and compatibility
…target event - Added branch filters for the pull_request_target event in both build-test-push and prodsec workflows to include 'develop' and 'CSPL-4372-add-approval-gate-exec-in-target'. This enhances security and ensures workflows are triggered only for specified branches.
…and modify approval gate logic - Added branch filters for the `pull_request_target` event to specify 'develop' and 'CSPL-4372-add-approval-gate-exec-in-target'. - Updated the approval gate logic to conditionally set the environment based on the author association of the pull request, enhancing security for external contributors.
…st event - Changed the event trigger from `pull_request_target` to `pull_request`, removing specific branch filters for enhanced flexibility in workflow execution.
- Added an approval gate job to the workflow to manage pull request approvals. - Updated the check-formating job to depend on the approval gate, ensuring that checks are performed before proceeding with formatting steps.
- Enhanced the approval status job in the approval gate workflow by adding a debug statement to echo the pull request details, aiding in troubleshooting and visibility during workflow execution.
- Updated the approval status job in the approval gate workflow to output the pull request details in JSON format, improving visibility and debugging capabilities during workflow execution.
Collaborator
Pull Request Test Coverage Report for Build 20376758279Details
💛 - Coveralls |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…Hub Actions
pull_requesttopull_request_targetfor better security and context handling.Description
What does this PR have in it?
Key Changes
Highlight the updates in specific files
Testing and Verification
How did you test these changes? What automated tests are added?
Related Issues
Jira tickets, GitHub issues, Support tickets...
PR Checklist