Skip to content
This repository has been archived by the owner on Nov 4, 2024. It is now read-only.

Adding gitspiegel-trigger workflow #608

Merged
merged 2 commits into from
Nov 13, 2023
Merged

Adding gitspiegel-trigger workflow #608

merged 2 commits into from
Nov 13, 2023

Conversation

mutantcornholio
Copy link
Contributor

Using a workflow to trigger mirroring instead of a webhook allows us to reuse "Approving workflow runs from public forks" GitHub feature to somewhat protect us from malicious PRs

@mutantcornholio
Adding gitspiegel-trigger workflow
400767a 
Using a workflow to trigger mirroring instead of a webhook allows us to reuse "Approving workflow runs from public forks" GitHub feature to somewhat protect us from malicious PRs
@mutantcornholio
Copy link
Contributor Author

UPD: The first attept to use a workflow to protect GitLab CI from untrusted contributors failed, because GitHub doesn't pass secrets to workflows for PRs that originate from forks.

This uses a different approach: instead of triggerring gitspiegel API directly from the workflow, we're just spawning an empty workflow with a specific path, and gitspiegel listens for workflow_run event to start mirroring.

The idea is the same: for the first-time contributors, running workflows would require manual aciton and that would block mirroring. But this time, we don't need any secrets to make it work.

@mutantcornholio mutantcornholio merged commit 203962d into master Nov 13, 2023
3 checks passed
@mutantcornholio mutantcornholio deleted the yuri/gitspiegel-trigger branch November 13, 2023 09:42
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@alvicsam alvicsam alvicsam approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mutantcornholio @alvicsam