Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: Update workflow to add labels in PR editing docstrings safe to run from forks #4145

Closed
wants to merge 1 commit into from
Closed

ci: Update workflow to add labels in PR editing docstrings safe to run from forks #4145

wants to merge 1 commit into from

Conversation

silvanocerza
Copy link
Contributor

@silvanocerza silvanocerza commented Feb 13, 2023
edited
Loading

Proposed Changes:

This changes the event that triggers the docstring-labeler.yml workflow from pull_request to pull_request_target.

It also adds a new job to prevent running malicious code.

How did you test it?

Can't be tested.

Notes for the reviewer

This PR has some security implications that we might need to discuss.

This is only one of the possible approaches to label PRs from forks. Other approaches might be:

I recommend reading this blog post to gain a clear view on the security issues.

Am open to different solutions.

Checklist

  • I have read the contributors guidelines and the code of conduct
  • I have updated the related issue with new insights and changes
  • I added tests that demonstrate the correct behavior of the change
  • I've used one of the conventional commit types for my PR title: fix:, feat:, build:, chore:, ci:, docs:, style:, refactor:, perf:, test:.
  • I documented my code
  • I ran pre-commit hooks and fixed any issue

@silvanocerza silvanocerza added topic:CI topic:security relevant to Haystack's threat model labels Feb 13, 2023
@silvanocerza silvanocerza self-assigned this Feb 13, 2023
@github-actions github-actions bot removed the topic:security relevant to Haystack's threat model label Feb 13, 2023
@silvanocerza silvanocerza added the topic:security relevant to Haystack's threat model label Feb 13, 2023
This was referenced Feb 13, 2023
Merged
Merged
@silvanocerza silvanocerza marked this pull request as ready for review February 16, 2023 09:49
@silvanocerza silvanocerza requested a review from a team as a code owner February 16, 2023 09:49
@silvanocerza silvanocerza requested review from masci and removed request for a team February 16, 2023 09:49
@anakin87 anakin87 mentioned this pull request Feb 16, 2023
Merged
6 tasks
@silvanocerza
Copy link
Contributor Author

Closing this, we went with the solution from #4146.

@silvanocerza silvanocerza deleted the docs-labeler-update branch February 16, 2023 15:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@masci masci Awaiting requested review from masci masci is a code owner automatically assigned from deepset-ai/open-source-engineering

Assignees

@silvanocerza silvanocerza

Labels
topic:CI topic:security relevant to Haystack's threat model
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@silvanocerza