-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Utilize GitHub Action to aid PR review #2140
Comments
utilizing our existing intra-site broken link detection could be a good first step:
|
To add some background info: I was primarily looking to use danger.js for this issue. However, even though the tool itself is reasonably easy to integrate, it is not straightforward to use with a forking workflow because of permission issues (i.e, when someone is making a PR from a fork, the triggered GitHub Action has limited permission to prevent leaking secrets etc).
|
Another thing that I would be interested to do is to check if the PR is tagged with the release tags upon merging! I think this is something we always forget to do (opps) but helps make releases a lot easier. I was thinking perhaps it can ping the person who merged if they forget to tag it. |
@KevinEyo1 will be taking up this issue |
Hi, I'm working on the checking of the coupled code portion now. I have thought about how to implement this, some considerations up for discussion. (This also applies to if Danger.js is used, since it also requires write access and also requires checking out of code) Current implementation idea (or use Danger.js) This means that checking out of code is required, which means that pull_request_target should not be used for security reasons. A possible solution of setting the repo checked out to be the base branch repo, as per my research, does not work since the changes that we want to check from the PR would not be reflected in the base branch repo. This means that there will be no write access given to the However, I do not think directly failing the check is ideal either, at least for now since there could be hidden inaccuracies in the coupling of files, and would be problematic if it fails the test for a perfectly fine PR, preventing it from merging. But if it doesnt fail and just echoes something, then users might easily miss it. Solutions: |
TLDR (all use Danger.js or a script) |
Thank you @KevinEyo1 for the investigation and summary above!
The solution I would propose here is to make that CI check fail, but the branch protection to allow merging regardless of this check's status. |
Please confirm that you have searched existing issues in the repo
Yes, I have searched the existing issues
Any related issues?
No response
What is the area that this feature belongs to?
Other
Is your feature request related to a problem? Please describe.
Use GitHub Action, possibly available ones, to automate and remind PR authors of the potential flaws:
Any other helpful points pls feel free to edit or comment below.
Describe the solution you'd like
As above
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: