chore(ci): Enable PR tagged images on pull request approval #300
Love the concept, only thing is we need to make sure that commits made after a PR is approved for runs aren't run until re-approved, otherwise you could get a PR approved and then do something malicious after the fact.
Very true. I'll look into it
So, here's what I'm thinking. Instead of using the
bc1e214 to f62077e
Everything is in place now for this to work properly, save for the branch protection rule
This hopefully isn't a big problem. Hmm... except maybe? Contributors should be encouraged to run their builds locally... but I guess workflow changes are something not as easily tested since I don't think they'll run in a fork.
My latest push fixed this
Submits an image to the GitHub Container Registry on pull request approval, permitting approved pull requests to be tested before being merged.
Requires branch protection rule: 'Require approval of the most recent reviewable push'
This rule ensures that the state of a PR is reset after a new commit has been pushed to an open pull request.
f62077e to e18041b
Latest push ensures that the PR number is applied to the tag and that builds triggered by pull_request_review only run on approvals
Submits an image to the GitHub Container Registry on pull request approval, permitting approved pull requests to be tested before being merged.
Requires branch protection rule: 'Require approval of the most recent reviewable push'
This rule ensures that the state of a PR is reset after a new commit has been pushed to an open pull request.
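
The gating discussed in this thread, written out as an added example; it is not the workflow from this PR. The workflow name, job name, image path and `pr-<number>` tag format are assumptions, and it assumes the PR branch lives in the same repository and that the owner/repo name is lowercase. Besides running only on approving reviews, it builds the exact commit the reviewer approved, so a push made after approval is not built until it is reviewed again.

```yaml
# Added example, not the project's workflow. Names and tag format are assumptions.
name: pr-image

on:
  pull_request_review:
    types: [submitted]

# Grant only what the job needs: read the source, push to GHCR.
permissions:
  contents: read
  packages: write

jobs:
  build:
    # Run only for approving reviews (not comments or change requests),
    # and only while the approved commit is still the head of the PR.
    if: >-
      github.event.review.state == 'approved' &&
      github.event.review.commit_id == github.event.pull_request.head.sha
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Check out the commit the review was submitted against,
          # not whatever the branch points to when the job starts.
          ref: ${{ github.event.review.commit_id }}

      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          # Tag carries the PR number so each PR gets its own test image.
          tags: ghcr.io/${{ github.repository }}:pr-${{ github.event.pull_request.number }}
```

The commit check in the job condition complements the 'Require approval of the most recent reviewable push' branch protection rule: the rule governs whether the PR can merge, while the condition governs what gets built and pushed.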