New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: add workflow for updating package API snapshots #863
Conversation
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love this workflow! Just left a minor comment about the label naming
.github/workflows/package_api.yml
Outdated
jobs: | ||
update: | ||
runs-on: ubuntu-latest | ||
if: ${{ github.event.pull_request.head.repo.full_name == 'primer/octicons' && contains(github.event.pull_request.labels.*.name, 'Update Public API') }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: How do you feel about calling the label api changes approved
? (I don't think we use capital letters in any of our labels)
…ons into ci/add-package-api-workflow
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ship it 🚀
Add in a workflow for updating the package API snapshots for
octicons-react
without having to pull down the PR and run snapshot tests.This workflow does use the
pull_request_target
event but guards against misuse by requiring a label to be placed on the Pull Request in order to run. This technique comes from: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ and allows us to check that someone with write permission to the project has "approved" this workflow to run because the label is on the Pull Request.