update CI workflows to only use pull_request event

apollographql / federation-jvm

JVM support for Apollo Federation

https://www.apollographql.com/docs/federation/

MIT License

250 stars 65 forks source link

update CI workflows to only use pull_request event #317

Closed dariuszkuc closed 1 year ago

dariuszkuc commented 1 year ago

Updating federation compatibility check to trigger on pull_request and use regular GITHUB_TOKEN. This eliminates potential security vulnerability on workflows triggered through pull_request_target event but has a drawback that comments from compatibility action will only work on PRs from origin (i.e. it will no longer be able to comment on PRs from forks).

dariuszkuc commented 1 year ago

Apollo Federation Subgraph Compatibility Results

Federation 1 Support Federation 2 Support

`_service`	🟢
`@key (single)`	🟢
`@key (multi)`	🟢
`@key (composite)`	🟢
`repeatable @key`	🟢
`@requires`	🟢
`@provides`	🟢
`federated tracing`	🟢

`@link`	🟢
`@shareable`	🟢
`@tag`	🟢
`@override`	🟢
`@inaccessible`	🟢
`@composeDirective`	🟢
`@interfaceObject`	🟢

Learn more: