Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci(workflow): update logic for integration test latest run on macos runner #372

Merged
merged 1 commit into from
Oct 16, 2023
Merged

ci(workflow): update logic for integration test latest run on macos runner #372

merged 1 commit into from
Oct 16, 2023

Conversation

Sarthak-instill
Copy link
Member

Because

  • We have to update logic to run integration test latest workflow on macos runner

This commit

  • update logic for integration test latest run on macos runner

@linear
Copy link

linear bot commented Oct 16, 2023

INS-2157 Need to add a logic to trigger that job only when it’s a push event to the main branch for latest on macOS only

pinglin said:

sarthak.gupta We have a security concern here, about the self-hosted GA runner when being triggered by a PR head branch. If the PR head branch contains malicious codes (something like rm -rf /), the runner will execute it without any protection. We need to add a logic to trigger that job only when it’s a push event to the main branch (i.e., a reviewed PR merge), assuming only repo maintainers and admins can push to the main branch.

<https://github.com/instill-ai/model/blob/main/.github/workflows/helm-integration-test-backend.yml | helm-integration-test-backend.yml>

@Sarthak-instill Sarthak-instill force-pushed the sarthakgupta/ins-2157-need-to-add-a-logic-to-trigger-that-job-only-when-its-a-push branch from d77279f to ce16dae Compare October 16, 2023 10:49
@Sarthak-instill Sarthak-instill marked this pull request as ready for review October 16, 2023 10:49
pinglin
pinglin approved these changes Oct 16, 2023
View reviewed changes
Copy link
Member

@pinglin pinglin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pinglin pinglin merged commit 8f33dd5 into main Oct 16, 2023
26 of 27 checks passed
@pinglin pinglin deleted the sarthakgupta/ins-2157-need-to-add-a-logic-to-trigger-that-job-only-when-its-a-push branch October 16, 2023 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pinglin pinglin pinglin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
🔮 Instill Core
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Sarthak-instill @pinglin @droplet-bot