[PM-7025] include check-run in workflows where secrets are used #9135
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #9135 +/- ##
==========================================
- Coverage 27.76% 27.76% -0.01%
==========================================
Files 2421 2421
Lines 70098 70097 -1
Branches 13059 13059
==========================================
- Hits 19463 19462 -1
Misses 49123 49123
Partials 1512 1512 ☔ View full report in Codecov by Sentry. |
|
No New Or Fixed Issues Found |
bwdil
changed the title
.github/workflows/build-cli.yml
Outdated
| @@ -27,12 +27,18 @@ on: | |||
| - '.github/workflows/build-cli.yml' | |||
| workflow_dispatch: | |||
| inputs: {} | |||
| pull_request_target: | |||
There was a problem hiding this comment.
❌ You have to replace the above pull_request_target with this.
.github/workflows/build-cli.yml
Outdated
| @@ -362,6 +368,7 @@ jobs: | |||
| - cli | |||
| - cli-windows | |||
| - snap | |||
| - check-run | |||
There was a problem hiding this comment.
❌ This is expanding the work surface but touches on something Oscar was bringing up -- needing secrets, and when. You'll see below that the secret reference is only relevant when on non-PR builds, so this check isn't even necessary.
There was a problem hiding this comment.
ok, in that case we don't need check-run for this one.
Type of change
GitHub workflows
Objective
As part of our organization-wide effort to secure bw code repos, a change to include
check-runin workflows wheresecretsare used is required.Code changes
Incremental change to existing workflows