-
Notifications
You must be signed in to change notification settings - Fork 64
34 lines (30 loc) · 1.11 KB
/
pr_non_contributors.yml
File metadata and controls
34 lines (30 loc) · 1.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
name: CI on PRs from forks
on:
pull_request_target:
types: [ opened, synchronize, reopened ]
branches: [ main ] # Only run on PRs with `main` as their base
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.head.ref }}
cancel-in-progress: true
jobs:
env_hold:
name: "Approve CI for Forks"
environment: ci-forks
runs-on: ubuntu-24.04
if: github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
steps:
- name: Wait for environment approval for runs from forks
run: exit 0
ci:
uses: ./.github/workflows/build.yml
if: github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
secrets: inherit
permissions:
id-token: write # Required for GCP Workload Identity for failure notifications
contents: read
pull-requests: read # Required for the static tests
issues: read # Required for the static tests
actions: write # To cancel itself if not opted in
needs: env_hold
with:
commit_sha: ${{ github.event.pull_request.head.sha }}