Add a secure way to run CI workflow from a non-maintainer contributor

### What is the feature/what would you like to discuss?

Currently any pull request from a fork or non-maintainer contributor (e.g., https://github.com/NCAR/StormSPEED/pull/65) won't trigger the CI workflow on CIRRUS due to security concerns.

One way to address this issue is to use `pull_request_target` instead and `label` to trigger the CI workflow on CIRRUS. The `label` can only be added by a maintainer with write permission and ideally a maintainer should review and approve the PR before adding the label.

### Is there anyone in particular you want to be part of this conversation?

_No response_

### Will this change (regression test) answers?

No

### Will you be implementing this enhancement yourself?

Yes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a secure way to run CI workflow from a non-maintainer contributor #66

What is the feature/what would you like to discuss?

Is there anyone in particular you want to be part of this conversation?

Will this change (regression test) answers?

Will you be implementing this enhancement yourself?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add a secure way to run CI workflow from a non-maintainer contributor #66

Description

What is the feature/what would you like to discuss?

Is there anyone in particular you want to be part of this conversation?

Will this change (regression test) answers?

Will you be implementing this enhancement yourself?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions