buildkite / feedback


Block third-party pull request builds from unrecognized accounts #293

Closed avtar closed 1 year ago

avtar commented 6 years ago

A common way of contributing to open source projects on GitHub is to issue pull requests using forked repositories. Buildkite's "Build pull requests from third-party forked repositories" GitHub setting currently does not provide a default way of securing this workflow. A workaround is to use block steps for pull request branches in every repository pipeline. Instead of the warning text associated with the previously mentioned setting, a safer option (or default?) would be to block builds automatically if the account used to issue the pull request is not a recognized contributor. If this setting is applied organization-wide, then potential security issues resulting from a missing block step in a repository would be mitigated.

lox commented 6 years ago

Thanks, great suggestion, I've wanted something like this for ages too.

michaelpj commented 5 years ago

This would be great. At the moment we have to submit all our PRs from the main repository, which is a non-standard workflow and means everyone has to namespace their feature branches to avoid clashes...

lox commented 5 years ago

Unfortunately this information doesn't come with GitHub's webhooks, meaning we don't have access to it.

michaelpj commented 5 years ago

It's in the GitHub API, though, so you could request it?
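The block-step workaround from the opening comment, combined with the GitHub API lookup suggested above, as an added example that is not Buildkite's own code: a pipeline-upload script decides from the pull request's `author_association` field (which the GitHub REST pulls API does return) whether to prepend a block step. The sample PR objects are constructed; the trusted set, `make test` command and `build_pipeline` name are assumptions.

```python
"""Gate a Buildkite build on the pull-request author's relationship to the repo.

Added example, not Buildkite's or the issue author's code. Assumes a pipeline-upload
step has fetched the PR object from GET /repos/{owner}/{repo}/pulls/{number};
only the real `author_association` field of that response is used.
"""
import json

# Associations GitHub reports for a PR author; treat only these as "recognized"
# (assumed policy; CONTRIBUTOR, FIRST_TIME_CONTRIBUTOR, NONE etc. are blocked).
TRUSTED_ASSOCIATIONS = {"OWNER", "MEMBER", "COLLABORATOR"}


def is_recognized(pr: dict, trusted=TRUSTED_ASSOCIATIONS) -> bool:
    """True when the PR author is a recognized account for this repository."""
    return pr.get("author_association", "NONE") in trusted


def build_pipeline(pr: dict, test_command: str = "make test") -> dict:
    """Return a Buildkite pipeline definition (dict ready for JSON upload).

    For unrecognized authors, which covers every drive-by fork, the test step is
    preceded by a block step so nothing runs until a maintainer unblocks it.
    """
    steps = []
    if not is_recognized(pr):
        steps.append({
            "block": ":warning: Review PR from unrecognized account",
            "prompt": (f"PR #{pr['number']} by {pr['user']['login']} "
                       f"(association: {pr.get('author_association')}). "
                       "Unblock to run CI."),
        })
    steps.append({"label": "test", "command": test_command})
    return {"steps": steps}


# Constructed sample PR objects; shape follows the GitHub pulls API response.
FORK_PR = {"number": 101, "user": {"login": "new-contributor"},
           "author_association": "FIRST_TIME_CONTRIBUTOR",
           "head": {"repo": {"fork": True}}}
MEMBER_PR = {"number": 102, "user": {"login": "core-dev"},
             "author_association": "MEMBER",
             "head": {"repo": {"fork": False}}}

if __name__ == "__main__":
    # In a real pipeline this JSON is piped to `buildkite-agent pipeline upload`.
    print(json.dumps(build_pipeline(FORK_PR), indent=2))
```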