
Enable forced confirmation for GH actions for external committers

Summary

Currently, if a project-external committer opens a PR, a project lead must confirm once that GH Actions can be executed inside the PR. However, after this one-time approval the committer can execute the GH Actions with every commit. A committer might inject into the pipeline or do something unwanted with the CI/CD pipeline.

We wanted to change the setting so that every commit on a PR that was not opened by an official contributor must be approved by a project lead to allow GH Actions to be executed.

The setting is not available via the self-service.

Repository: https://github.com/eclipse-ankaios/ankaios

Steps to reproduce

Described above in the summary.

What is the current bug behavior?

Only one-time approvals for GH Actions for external committers who are not elected as official contributors.

What is the expected correct behavior?

GH Actions shall always require a confirmation by a project lead.

Relevant logs and/or screenshots

Priority

  • Urgent
  • High
  • Medium
  • Low

Severity

  • Blocker
  • Major
  • Normal
  • Low

Impact

Impact on security.

Edited by Oliver Klapper