allow external contributors to run our e2e tests

misrasaurabh1 · misrasaurabh1 · commit 50de507b7885 · 2025-04-06T22:47:47.000-07:00
diff --git a/.github/workflows/codeflash-optimize.yaml b/.github/workflows/codeflash-optimize.yaml
@@ -1,7 +1,7 @@
 name: CodeFlash
 
 on:
-  pull_request:
+  pull_request_target:
     paths:
       - "**"
   workflow_dispatch:
@@ -26,6 +26,12 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+      - name: Validate PR
+        run: |
+          if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "codeflash-optimize.yaml"; then
+            echo "This workflow file has been modified. Exiting for security."
+            exit 1
+          fi
 
       - name: 🐍 Set up Python 3.11 for CLI
         uses: astral-sh/setup-uv@v5
diff --git a/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml b/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml
@@ -1,7 +1,7 @@
 name: end-to-end-test
 
 on:
-  pull_request:
+  pull_request_target:
   workflow_dispatch:
 
 jobs:
@@ -21,6 +21,12 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Validate PR
+        run: |
+           if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "end-to-end-test-bubblesort-pytest-no-git.yaml"; then
+             echo "This workflow file has been modified. Exiting for security."
+             exit 1
+           fi
 
       - name: Set up Python 3.11 for CLI
         uses: astral-sh/setup-uv@v5
diff --git a/.github/workflows/end-to-end-test-bubblesort-unittest.yaml b/.github/workflows/end-to-end-test-bubblesort-unittest.yaml
@@ -1,7 +1,7 @@
 name: end-to-end-test
 
 on:
-  pull_request:
+  pull_request_target:
   workflow_dispatch:
 
 jobs:
@@ -21,6 +21,12 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Validate PR
+        run: |
+          if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "end-to-end-test-bubblesort-unittest.yaml"; then
+            echo "This workflow file has been modified. Exiting for security."
+            exit 1
+          fi
 
       - name: Set up Python 3.11 for CLI
         uses: astral-sh/setup-uv@v5
diff --git a/.github/workflows/end-to-end-test-coverage.yaml b/.github/workflows/end-to-end-test-coverage.yaml
@@ -1,7 +1,7 @@
 name: Coverage E2E
 
 on:
-  pull_request:
+  pull_request_target:
   workflow_dispatch:
 
 jobs:
@@ -19,6 +19,12 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Validate PR
+        run: |
+          if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "end-to-end-test-coverage.yaml"; then
+            echo "This workflow file has been modified. Exiting for security."
+            exit 1
+          fi
 
       - name: Set up Python 3.11 for CLI
         uses: astral-sh/setup-uv@v5
diff --git a/.github/workflows/end-to-end-test-futurehouse.yaml b/.github/workflows/end-to-end-test-futurehouse.yaml
@@ -1,7 +1,7 @@
 name: end-to-end-test
 
 on:
-  pull_request:
+  pull_request_target:
   workflow_dispatch:
 
 jobs:
@@ -21,6 +21,12 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Validate PR
+        run: |
+          if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "end-to-end-test-futurehouse.yaml"; then
+            echo "This workflow file has been modified. Exiting for security."
+            exit 1
+          fi
 
       - name: Set up Python 3.11 for CLI
         uses: astral-sh/setup-uv@v5
diff --git a/.github/workflows/end-to-end-test-init-optim.yaml b/.github/workflows/end-to-end-test-init-optim.yaml
@@ -1,7 +1,7 @@
 name: end-to-end-test
 
 on:
-  pull_request:
+  pull_request_target:
   workflow_dispatch:
 
 jobs:
@@ -21,6 +21,12 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Validate PR
+        run: |
+          if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "end-to-end-test-init-optim.yaml"; then
+            echo "This workflow file has been modified. Exiting for security."
+            exit 1
+          fi
 
       - name: Set up Python 3.11 for CLI
         uses: astral-sh/setup-uv@v5
diff --git a/.github/workflows/end-to-end-test-tracer-replay.yaml b/.github/workflows/end-to-end-test-tracer-replay.yaml
@@ -1,7 +1,7 @@
 name: end-to-end-test
 
 on:
-  pull_request:
+  pull_request_target:
   workflow_dispatch:
 
 jobs:
@@ -21,6 +21,13 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Validate PR
+        run: |
+          if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "end-to-end-test-tracer-replay.yaml"; then
+            echo "This workflow file has been modified. Exiting for security."
+            exit 1
+          fi
+
 
       - name: Set up Python 3.11 for CLI
         uses: astral-sh/setup-uv@v5
diff --git a/.github/workflows/end-to-end-topological-sort-test.yaml b/.github/workflows/end-to-end-topological-sort-test.yaml
@@ -1,7 +1,7 @@
 name: end-to-end-test
 
 on:
-  pull_request:
+  pull_request_target:
   workflow_dispatch:
 
 jobs:
@@ -21,6 +21,12 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Validate PR
+        run: |
+          if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "end-to-end-topological-sort-test.yaml"; then
+            echo "This workflow file has been modified. Exiting for security."
+            exit 1
+          fi
 
       - name: Set up Python 3.11 for CLI
         uses: astral-sh/setup-uv@v5
