njmei
commented
3 months ago @kaizhang It would probably also be a good idea to prevent external PR requests to accidentally trigger your github actions workflows. It will use up your github actions credits and malicious actors could submit bogus PRs that could hijack the github actions runners to do unsavory things.
I think you can do this by following this guide: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#controlling-changes-from-forks-to-workflows-in-public-repositories
Require approval for all outside collaborators. is probably the safest option.
codecov-commenter
It turns out tests were failing because the github
actions/checkoutplugin by default does not download git LFS files. This was causing later tests to fail because they were expecting full test files instead of git LFS pointers.This commit also restores the matrixed snap-atac-flavor options. Each run of the updated workflow will release
defaultas well as arecommend-interactivesnapatac2 docker image.Note: tests in this PR are probably failing because it is still pointing at:
kaizhang/SnapATAC2/.github/workflows/docker.yml@mainhttps://github.com/kaizhang/SnapATAC2/blob/b7854948133e7a1a59badcf53432fc57ef236f98/.github/workflows/test_python.yml#L47-L50
Validation: On my fork, the
Test Docker Imageportion passes. Note that the login step fails (because I didn't set up docker credentials on my fork): https://github.com/njmei/SnapATAC2/actions/runs/8503169951/job/23288304288