Avoid initiating CI runs for members who are not in the mantid-developers GitHub team #6
Conversation
There was a problem hiding this comment.
I don't know how much work this is but is it worth writing a comment back to the PR to say something like:
"The CI workflow has not been triggered as %author is not an approved user. Please contact the mantid development team for more information".
This would let be an indication that something has happened and new users know what to do.
| @@ -209,6 +215,21 @@ retry: | |||
| return | |||
| } | |||
|
|
|||
| func isValidMember(author string) bool { | |||
| orgName := "mantidproject" | |||
There was a problem hiding this comment.
Is it worth putting these values; orgName, teamName & author in the config.json? That way all of the configuration values are in one place.
Maybe make this a list and include mantid-contributors? This list includes external collaborators but they are trusted people too.
There was a problem hiding this comment.
Thanks Martyn for the review!
Yes it is a good idea to make teamNames a list and to load orgName as well from config.json rather than hardcoding here.
Since, author is the original user who has made the PR, can we define its value in the config.json?
Thanks!
There was a problem hiding this comment.
No you're correct, author must of course come from the PR itself 🤦🏻. I got carried away typing the list!
There was a problem hiding this comment.
For who gets to kick off builds, definitely those in mantid-developers (which is nested) and mantid-contributors is reasonable. I wouldn't add any other groups. For example, gatekeepers should be in mantid-developers as well.
A validation was added to avoid initiating CI runs for the Pull requests from the external parties who are not members of the
mantid-developersGitHub team. The notion behind making this change is to increase the security of the CI environments to avoid any malicious PRs.The GitHub API used: https://docs.github.com/en/rest/teams/members?apiVersion=2022-11-28#get-team-membership-for-a-user