270bebe196
[chore](github) Add third-party GitHub Action as submodule to allow it to run (#7280)
Add the 3rd-party GHA as submodule so that it can be run without asking to add it into allow list.
2021-12-04 19:43:30 +08:00
e74bfea8e4
[chore](clang-format)(license-eye) Add Clang Format/Skywalking eyes github action (#7132)
1. The clang format action will be triggered when a PR is submitted.
2. Skywalking eyes actions will be triggered when a PR is submitted and after merging to master branch.
2021-11-24 10:41:02 +08:00
8d1c1ef1e6
[Community] Fix PR labeling github action workflow (#6279)
My change is the fix and improvement for github action which labels approved PRs (introduced in this [PR](https://github.com/apache/incubator-doris/pull/6239)).
It is inspired by solution introduced and tested in [Apache Airflow](https://github.com/apache/airflow) (thanks @potiuk @ashb 🚀)
Corresponding Apache Airflow workflows on which I based this PR:
- https://github.com/apache/airflow/blob/main/.github/workflows/label_when_reviewed.yml
- https://github.com/apache/airflow/blob/main/.github/workflows/label_when_reviewed_workflow_run.yml
Problems which were solved in this PR:
- **Permissions**.
@morningman opened a related bug: [[Help] Error: Resource not accessible by integration](https://github.com/TobKed/label-when-approved-action/issues/7). It is related to limited permissions of workflows being triggered by `pull_request_review` (`GITHUB_TOKEN` has read-only permissions). You can find more information about it in the article: [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
TL;DR: On pull request review event (`on: pull_request_review`) "dummy" workflow `Label when reviewed` triggers another workflow `Label when approved workflow run` which has sufficient permissions (`on: workflow_run: workflows: ["Label when reviewed"]`).
- **Safe use of 3rd-party GitHub Actions by using submodules pattern.** It is described in:
https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+status
> NEVER use 3rd-party actions directly in your workflows - use the "submodule" pattern.
This pattern is successfully used by projects like:
- [Apache Airflow](https://github.com/apache/airflow) ([PR](https://github.com/apache/airflow/pull/13514#))
- [Apache Beam](https://github.com/apache/beam) ([PR](https://github.com/apache/beam/pull/13736))
- [Apache Superset](https://github.com/apache/superset) ([PR](https://github.com/apache/superset/pull/12709))
2021-07-25 22:22:09 +08:00
e905dd84c8
[Community] Add a github action to auto add 'approved' label (#6239)
1. If any committer APPROVEs a PR, the label 'approved' will be added.
2. If any other reviewer APPROVEs a PR, the label 'reviewed' will be added.
2021-07-14 21:12:42 +08:00