Make PR pipelines read only #343

Open
MarvinJWendt opened this issue Jan 8, 2024 · 0 comments
Labels
management Any issues for management stuff like configuring github. proposal Feature request


MarvinJWendt commented Jan 8, 2024

Current Situation:

  • Dependabot Pull Requests (PRs) are scoped to read-only access (by GitHub policy).
  • Due to this limitation, the pipeline fails to execute on these PRs.

Proposed Solution:

  1. Separate the PR Pipeline:
    • Build and Test Stage: The PR pipeline should be restricted to read-only operations like building and testing.
    • Generation Stage: Move the write operations, such as documentation generation, to be executed only when changes are pushed to the main branch.

Advantages:

  • Security Enhancement: This approach adheres to best practices by ensuring that pipelines do not modify PRs, thereby preventing the bots from being a co-author on every PR.
  • Pipeline Efficiency: By splitting the pipeline, we can ensure smoother and more secure CI/CD processes.
@MarvinJWendt MarvinJWendt added proposal Feature request management Any issues for management stuff like configuring github. labels Jan 8, 2024
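
The split proposed in this issue, sketched as two GitHub Actions workflow files. This is an added example, not taken from the issue or from the project's own workflows; the file names, job names and `make` targets are placeholders for whatever the project actually runs.

```yaml
# File 1 (hypothetical name): .github/workflows/pr.yml
# Runs on every PR, including Dependabot PRs, with a read-only token.
name: pr-build-test
on:
  pull_request:
permissions:
  contents: read            # GITHUB_TOKEN cannot push, comment or change the PR
jobs:
  build-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config
      - run: make build     # placeholder build command (assumption)
      - run: make test      # placeholder test command (assumption)
---
# File 2 (hypothetical name): .github/workflows/generate.yml
# Write operations happen only after changes reach the main branch.
name: generate-docs
on:
  push:
    branches: [main]
permissions:
  contents: write           # needed only here, to commit generated files
jobs:
  generate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make docs      # placeholder generation command (assumption)
      - name: Commit generated files if anything changed
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add -A
          git diff --cached --quiet || git commit -m "docs: regenerate"
          git push
```

Pushes made with the default `GITHUB_TOKEN` do not trigger further workflow runs, so the generation job does not re-trigger itself.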