drew-512
commented
5 years ago Works for me if forks are disallowed in the interim.
Open tgross opened 5 years ago
drew-512
commented
5 years ago Works for me if forks are disallowed in the interim.
tgross
commented
5 years ago Oh hey ask and ye shall receive: https://github.com/telia-oss/github-pr-resource/pull/126 will most likely do what we're trying to do here. Let's wait that out a bit to see where it ends up, and we could always run this ourselves if we wanted (one of the reasons why I chose Concourse is that it makes it easy to run custom versions of resources like that).
Right now we're only building the
masterbranch of all the projects because we can't prevent a malicious external contributor from using PRs to execute arbitrary code on our donated build server. This is somewhat mitigated by having our pipeline execute mostlygo {get,test,build}commands.The Concourse resource types wiki page includes the
github-pr-resource, but the only way that allows us to restrict PRs is to disallow forks entirely. But we want to run forks, just ones we approve first.I'm going to look into whether there's a reasonable way to integrate Bors into our workflow with Concourse.