Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Access Control to Dispatchable Workflows #217

Merged
merged 36 commits into from
Sep 12, 2024
Merged

Add Access Control to Dispatchable Workflows #217

merged 36 commits into from
Sep 12, 2024

Conversation

zhijie-yang
Copy link
Contributor

@zhijie-yang zhijie-yang commented Aug 7, 2024
edited
Loading

Ping the @canonical/rocks team.

Description

This PR adds the access control to the dispatchable workflow, in order to have the right user access to workflow when external users are granted "write" access.

Related issues

Not Applicable.

Tests

  1. With @zhijie-yang in CODEOWNER: Should pass: run1 and run2
  2. With @zhijie-yang neither in CODEOWNER nor in mock-rock/contacts.yaml as maintainer: Should cancel: run
  3. With @zhijie-yang in mock-rock/contacts.yaml as maintainer: Should pass: run
  4. Reusing the public workflows for other repos skips access validation: run

Latest workflow run: https://github.com/canonical/oci-factory/actions/runs/10828858187

@zhijie-yang zhijie-yang marked this pull request as draft August 7, 2024 15:03
zhijie-yang and others added 2 commits August 8, 2024 14:10
@zhijie-yang
Revert tests: SHOULD PASS
0cc5c76 
Revert "TEST: SHOULD FAIL: remove zhijie-yang from CODEOWNERS"

This reverts commit 8049c70.

Revert "TEST: SHOULD PASS: add zhijie-yang as mock-rock maintainer"

This reverts commit dc804d1.
ci: automatically update oci/mock-rock/_releases.json, from https://g…
f885a37 
…ithub.com/canonical/oci-factory/actions/runs/10301820520
@zhijie-yang zhijie-yang requested review from cjdcordeiro and linostar and removed request for cjdcordeiro August 8, 2024 14:13
@zhijie-yang zhijie-yang marked this pull request as ready for review August 8, 2024 14:13
clay-lake
clay-lake requested changes Aug 9, 2024
View reviewed changes
.github/actions/validate-access/action.yaml Outdated Show resolved Hide resolved
.github/actions/validate-access/action.yaml Outdated Show resolved Hide resolved
.github/actions/validate-access/action.yaml Outdated Show resolved Hide resolved
@cjdcordeiro cjdcordeiro mentioned this pull request Aug 23, 2024
Merged
2 tasks
cjdcordeiro
cjdcordeiro reviewed Aug 27, 2024
View reviewed changes
Copy link
Collaborator

@cjdcordeiro cjdcordeiro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(just leaving a comment so I get pinged again when this is ready for review)

clay-lake
clay-lake approved these changes Sep 12, 2024
View reviewed changes
Copy link
Contributor

@clay-lake clay-lake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Thanks for update to the Cancel behavior.

@cjdcordeiro cjdcordeiro merged commit 28e6194 into main Sep 12, 2024
@cjdcordeiro cjdcordeiro deleted the ROCKS-1340/access-control branch September 12, 2024 15:47
@cjdcordeiro cjdcordeiro self-assigned this Sep 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cjdcordeiro cjdcordeiro cjdcordeiro approved these changes

@clay-lake clay-lake clay-lake approved these changes

@linostar linostar Awaiting requested review from linostar

Assignees

@cjdcordeiro cjdcordeiro

Labels
priority
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zhijie-yang @cjdcordeiro @clay-lake