zkamvar
commented
1 year ago Hello again, @ManonMarchand!
How can we add our own action to our repo (that updates the figures of our lessons with current data)?
There are two ways:
- add a custom workflow file and give it the
.ymlextension (not.yaml). This will prevent theupdate-workflows.yamlaction from destroying that file. OR - add the action inside the
sandpaper-main.yamlworkflow file and continuously monitor the diffs of that file for changes.
The PR bot prevents us from doing this. Could it really be malicious if we don't touch the carpentries actions?
The PR bot does not prevent you from doing this per se, it gives you strong warnings if you try to modify content and workflows at the same time (e.g. https://github.com/carpentries-incubator/bioc-intro/pull/97#issuecomment-1540622467). The rationale behind this can be found in The "Risk Mangement" section in the documentation. The protections are less for The Carpentries Infrastructure (sensitive data is not accessible through the lessons or the tokens used to generate pull requests) and more of good practices in general. This way, it's harder for a new maintainer to accept a malicious pull request.
That being said, if you are the one submitting the PR, then you can be reasonably confident that the workflows are correct and you can ignore any warnings like that.
ManonMarchand
Hello and thanks for the template,
How can we add our own action to our repo (that updates the figures of our lessons with current data)? The PR bot prevents us from doing this. Could it really be malicious if we don't touch the carpentries actions?
Have a lovely day,