JesusPoderoso
commented
1 day ago CI issues unrelated to the PR. Ready to merge!
Closed mergify[bot] closed 1 day ago
JesusPoderoso
commented
1 day ago CI issues unrelated to the PR. Ready to merge!
Description
This PR adds some logic to the CI to determine if an external contribution triggers the CI. In such a case, the CI avoids using the
external/add_labelaction which is not allowed in external contribution cases.A deep research on the literature brings some information regarding possible security issues while using
pull_request_targetCI triggers. As long as we only use thepull_requesttrigger, there is no need to include manual confirmation from a Collaborator with required permissions, from now on.NOTE: Adding the
skip-cilabel as long as the external contributions CI is tested from the following external PR:5219
As part of the CI pipelines, this PR needs to be included also in the critical-security-fixes-only 2.6.x supported branch.
@Mergifyio backport 3.0.x 2.14.x 2.10.x 2.6.x
Contributor Checklist
[x] Commit messages follow the project guidelines.
[x] The code follows the style guidelines of this project.
N/A Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
N/A Any new/modified methods have been properly documented using Doxygen.
N/A Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
N/A Changes are backport compatible: they do NOT break ABI nor change library core behavior.
N/A Changes are API compatible.
N/A New feature has been added to the
versions.mdfile (if applicable).N/A New feature has been documented/Current behavior is correctly described in the documentation.
[x] Applicable backports have been included in the description.
Reviewer Checklist
This is an automatic backport of pull request #5220 done by Mergify.