Open afrittoli opened 4 years ago
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
/lifecycle rotten
Send feedback to tektoncd/plumbing.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
/close
Send feedback to tektoncd/plumbing.
@tekton-robot: Closing this issue.
/remove-lifecycle rotten /remove-lifecycle stale /reopen
@vdemeester: Reopened this issue.
/lifecycle frozen
I added a new custom interceptor that adds the required info to the payloads of events, but it is not used yet for CI jobs.
Precondition for this: https://github.com/tektoncd/plumbing/pull/956
@afrittoli this can probably be closed right?
ping @afrittoli is this complete?
I wrote https://github.com/tektoncd/plumbing/tree/main/tekton/ci/interceptors/add-team-members but it needs to be converted to the "new" format of cluster interceptor https://github.com/tektoncd/plumbing/tree/main/tekton/ci/cluster-interceptors.
What that interceptor does is add the list of team members to the extensions, but perhaps we could have more logic implemented in the custom interceptor, i.e. pass in the author and repo and list of labels, and return an authorised decision (true/false).
Expected Behavior
CI Jobs are only executed if a PR was submitted by someone who belongs to the org or if the "ok-to-test" label was added.
Actual Behavior
CI Jobs are executed regardless.
Additional Info
This avoids letting anyone from outside of the org running arbitrary code in CI checks, and it provides continuity with the functionality available from prow today.