chore(ci): Enable PR tagged images on pull request approval #300
Conversation
|
Love the concept, only thing is we need to make sure that commits made after a PR is approved for runs aren't run until re-approved, otherwise you could get a PR approved and then do something malicious after the fact. |
|
Very true. I'll look into it |
|
So, here's what I'm thinking. Instead of using the |
EyeCantCU
force-pushed
the
enable-pr-tagged-images
branch
from
bc1e214
to
f62077e
Compare
EyeCantCU
changed the title
|
Everything is in place now for this to work properly, save for the branch protection rule |
This hopefully isn't a big problem. Hmm... except maybe? Contributors should be encouraged to run their builds locally... but I guess workflow changes are something not as easily tested since i don't think they'll run in a fork. |
My latest push fixed this |
Submits an image to the GitHub Container Registry on pull request approval, permitting approved pull requests to be tested before being merged. Requires branch protection rule: 'Require approval of the most recent reviewable push' This rule ensures that the state of a PR is reset after a new commit has been pushed to an open pull request.
EyeCantCU
force-pushed
the
enable-pr-tagged-images
branch
from
f62077e
to
e18041b
Compare
|
Latest push ensures that the PR number is applied to the tag and that builds triggered by pull_request_review only run on approvals |
Submits an image to the GitHub Container Registry on pull request approval, permitting approved pull requests to be tested before being merged.
Requires branch protection rule: 'Require approval of the most recent reviewable push'
This rule ensures that the state of a PR is reset after a new commit has been pushed to an open pull request.