Closed avtar closed 1 year ago
Thanks, great suggestion, I've wanted something like this for ages too.
This would be great. At the moment we have to submit all our PRs from the main repository, which is a non-standard workflow and means everyone has to namespace their feature branches to avoid clashes...
Unfortunately this information doesn't come with GitHub's webhooks, meaning we don't have access to it.
It's in the GitHub API, though, so you could request it?
A common way of contributing to open source projects on GitHub is to issue pull requests using forked repositories. Buildkite's "Build pull requests from third-party forked repositories" GitHub setting currently does not provide a default way of securing this workflow. A workaround is to use block steps for pull request branches in every repository pipeline. Instead of the warning text associated with the previously mentioned setting, a safer option (or default?) would be to block builds automatically if the account used to issue the pull request is not a recognized contributor. If this setting is applied organization-wide, then potential security issues resulting from a missing block step in a repository would be mitigated.
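
The block-step workaround described in this issue, combined with the contributor check it asks for, as an added example that is not part of the original thread and is not Buildkite's own code. It assumes a hypothetical `AUTHOR_ASSOCIATION` value taken from the `author_association` field that GitHub's API returns for a pull request, and a placeholder `make test` build step.

```shell
#!/bin/sh
# Added example (not Buildkite's code): gate fork pull requests with a block step.

# repo_slug URL -> "owner/name", lowercased, so SSH and HTTPS remotes compare equal.
repo_slug() {
  printf '%s\n' "$1" | sed -e 's/\.git$//' -e 's#^.*[:/]\([^/:]*/[^/:]*\)$#\1#' \
    | tr '[:upper:]' '[:lower:]'
}

# needs_block PR PR_REPO BASE_REPO AUTHOR_ASSOCIATION
# Exit status 0 means "hold the build for manual approval".
needs_block() {
  pr=$1 pr_repo=$2 base_repo=$3 assoc=$4
  # Branch and tag builds are not pull requests: nothing to gate.
  if [ -z "$pr" ] || [ "$pr" = "false" ]; then return 1; fi
  # Same-repository PRs come from accounts that already have push access.
  if [ -n "$pr_repo" ] && [ "$(repo_slug "$pr_repo")" = "$(repo_slug "$base_repo")" ]; then
    return 1
  fi
  # Fork PR: skip the gate only for recognised associations. An empty or
  # unknown value (for example a failed API lookup) fails closed.
  case $assoc in
    OWNER|MEMBER|COLLABORATOR) return 1 ;;
    *) return 0 ;;
  esac
}

# emit_pipeline: same arguments as needs_block; writes pipeline YAML to stdout.
emit_pipeline() {
  echo 'steps:'
  if needs_block "$@"; then
    echo '  - block: "Review fork pull request before running CI"'
  fi
  echo '  - command: "make test"   # placeholder build step'
}

# Typical call from the pipeline's first step (AUTHOR_ASSOCIATION is assumed to
# have been fetched from the GitHub API beforehand):
#   emit_pipeline "$BUILDKITE_PULL_REQUEST" "$BUILDKITE_PULL_REQUEST_REPO" \
#     "$BUILDKITE_REPO" "$AUTHOR_ASSOCIATION" | buildkite-agent pipeline upload
```

Keep the script outside the repository checkout (for example on the agent), since a copy taken from the pull request branch is controlled by the pull request author.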