Devops 825 #105
Devops 825 #105
Conversation
…nfig file zizmor interprets zizmor.yml as its config file
only if PR target the Mira repo
There was a problem hiding this comment.
Pull Request Overview
This PR updates JIRA integration workflows to improve security and access control. The changes switch from basic authentication to API token authentication for JIRA and add repository checks to prevent workflows from running on forks.
- Updated JIRA authentication from basic auth to API token method
- Added repository checks to restrict workflow execution to the main repository only
- Enhanced security by preventing unauthorized workflow execution on forks
Reviewed Changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/pr_add_jira_summary.yml | Updated JIRA authentication method and added repository check |
| .github/workflows/issue_to_jira.yml | Added fork protection check |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
|
||
| jobs: | ||
| call-workflow-create-jira-issue: | ||
| if: github.event.pull_request.head.repo.full_name == 'MiraGeoscience/simpeg' # do not run on repository forks |
There was a problem hiding this comment.
The condition github.event.pull_request.head.repo.full_name will not work for issue events. This workflow is triggered by issues events (based on the filename), but the condition references github.event.pull_request which will be null for issue events. Consider using github.repository == 'MiraGeoscience/simpeg' instead to match the pattern used in the other workflow.
| if: github.event.pull_request.head.repo.full_name == 'MiraGeoscience/simpeg' # do not run on repository forks | |
| if: github.repository == 'MiraGeoscience/simpeg' # do not run on repository forks |
|
will try again auto-title with a new PR from fork |
1 participant
No description provided.