Skip to content

Deployment preview workflow#203

Open
shubhusion wants to merge 7 commits intouptane:mainfrom
shubhusion:main
Open

Deployment preview workflow#203
shubhusion wants to merge 7 commits intouptane:mainfrom
shubhusion:main

Conversation

@shubhusion
Copy link
Contributor

@shubhusion shubhusion commented May 28, 2024
edited
Loading

Summary of Changes

Created a new yml file and updated workflow

Related Issue

Closes #91

Checklist

  • I have read and followed the project's contribution guidelines, including code style and commit message conventions.
  • My code is well-documented, and I've updated relevant documentation.
  • I have added or updated test cases to ensure the code's functionality.
  • I have tested these changes on my local environment.
  • All tests pass, and there are no new linting errors.
  • I have reviewed and proofread my code and the changes.
  • The branch is up-to-date with the base branch.

Screenshots (if applicable)

Attach any screenshots or images related to the changes.

Additional Context

Add any additional context or information that might be helpful for reviewers.

Reviewer(s)

@Abhijay007 @jhdalek55

@argos-ci
Copy link

argos-ci bot commented May 28, 2024
edited
Loading

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build Status Details Updated (UTC)
default (Inspect) ✅ Reference build (Review) 1 changed May 28, 2024, 9:57 AM

@shubhusion
Copy link
Contributor Author

shubhusion commented May 28, 2024
edited
Loading

It seems Github-action-bot do not have access to make changes in the repo. I am getting an error in that line.

image

@Abhijay007 Abhijay007 requested a review from hexsecs May 28, 2024 08:58
@Abhijay007
Copy link
Collaborator

Abhijay007 commented May 28, 2024

It seems Github-action-bot do not have access to make changes in the repo. I am getting an error in that line.

Seems like a permission error, maybe need to config a new GitHub token, cc: @hexsecs, @tkfu

@shubhusion
Copy link
Contributor Author

shubhusion commented Jun 2, 2024

@hexsecs please review this PR

@Abhijay007 Abhijay007 requested a review from tkfu June 7, 2024 02:57
@hexsecs
Copy link
Member

hexsecs commented Jun 18, 2024

We need to investigate how to make this secure. We don't want to allow anyone to arbitrarily publish to the uptane.org domain by issuing a pull request.

1 similar comment
@hexsecs
Copy link
Member

hexsecs commented Jun 18, 2024
edited
Loading

We need to investigate how to make this secure. We don't want to allow anyone to arbitrarily publish to the uptane.org domain by issuing a pull request.

@tkfu
Copy link
Member

tkfu commented Aug 27, 2024

I missed this one when it first came around. The security part can be solved by a setting in the repository permissions @hexsecs :

image

We already have it set so that a PR from a first-time contributor won't automatically trigger any workflows; we can potentially tighten it up more so that it requires manual approval to run all workflows for external contributors. I think I'm ok with the risk profile of our current setting.

@tkfu
Copy link
Member

tkfu commented Aug 27, 2024

Github posted a blog about this a couple years ago when they introduced the feature: https://github.blog/open-source/maintainers/github-actions-update-helping-maintainers-combat-bad-actors/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hexsecs hexsecs Awaiting requested review from hexsecs

@tkfu tkfu Awaiting requested review from tkfu

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature Request : Deployment preview Workflow/GHA

4 participants

@shubhusion @Abhijay007 @hexsecs @tkfu