
Refactor some GH workflows #36497

Open: carrodher wants to merge 1 commit into main from refactorGHworkflows

@carrodher
Member

No description provided.

Signed-off-by: Carlos Rodríguez Hernández <carlos.rodriguez-hernandez@broadcom.com>

ai-assisted=no
# pull_request: fork PRs do not receive base-repo secrets; BOT_TOKEN push only runs for same-repo PRs.
on: # rebuild any PRs and main branch changes
pull_request_target:
pull_request:
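
Review bot: the header comment above `on:` says the BOT_TOKEN push only runs for same-repo PRs, but it does not say what happens to a fork PR under the `pull_request` trigger. Add a line stating whether the push step is skipped or fails for forks and what the contributor is expected to do instead, and update the trailing `# rebuild any PRs and main branch changes` comment, which still reads as if every PR is handled the same way.
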
Collaborator

We tried this change in the past and you have the explanation why we reverted the change in the comment above. Most of our PRs come from forked repositories and we need a PAT token to commit changes (changelog and readme) in forked repositories.

contents: read
if: |
needs.get-chart.outputs.result == 'ok' &&
github.event.pull_request.head.repo.full_name == github.repository &&
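
Review bot: in the `if:` expression, the `github.event.pull_request.head.repo.full_name == github.repository` clause carries no comment explaining why fork PRs are excluded, so for them the guarded job or step is skipped without any signal. Put a short comment above the `if:` giving the reason, and consider a step that reports the skip so a fork contributor can see why nothing ran.
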
Collaborator

I assume you are adding this condition to avoid running this piece of code in private repositories. To do that we usually add this condition:

Suggested change
github.event.pull_request.head.repo.full_name == github.repository &&
github.repository_owner == 'bitnami' &&

- name: Checkout bitnami/charts (PR merge ref)
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
ref: ${{github.event.pull_request.head.ref}}
Collaborator

Nice catch 👍

# pull_request + default checkout uses the merge ref; avoids pull_request_target + PR head checkout.
on:
pull_request_target:
pull_request:
Collaborator

We tried this change in the past. apache/skywalking-eyes/header action requires permissions to change the PR and add comments with the failures. On pull_request events coming from forked repositories, the github_action token does not have enough permissions to change a PR in the bitnami/charts repository.

steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
name: Checkout Repository
with:
Collaborator

Don't change this. We can not use pull_request
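
A defender-side check for the pattern this thread is about, added here as an example (not code from the PR or from bitnami/charts): it flags workflows that run on `pull_request_target` and also point `actions/checkout` at the PR head. It is a line-based heuristic; the function names, regexes and sample workflows are assumptions constructed for illustration.

```python
import re

# Heuristic line scan, no YAML parser; names and regexes are assumptions of this example.
TRIGGER = re.compile(r"^(?:on\s*:.*|-\s*)?\bpull_request_target\b\s*:?\s*\]?$")
CHECKOUT = re.compile(r"\buses\s*:\s*actions/checkout@")
HEAD_REF = re.compile(
    r"\bref\s*:.*\b(github\.event\.pull_request\.head\.(?:ref|sha)|github\.head_ref)\b")

def strip_comment(line):
    # Drop a trailing or whole-line YAML comment so commented-out triggers are ignored.
    return re.sub(r"(^|\s)#.*$", "", line).rstrip()

def find_head_checkouts(workflow_text):
    """Return [(line_no, expression)] for actions/checkout steps whose `ref:`
    points at the PR head, only if the workflow runs on pull_request_target."""
    lines = [strip_comment(l) for l in workflow_text.splitlines()]
    if not any(TRIGGER.match(l.strip()) for l in lines):
        return []
    findings, pending, in_checkout = [], [], False
    for no, line in enumerate(lines, 1):
        if line.lstrip().startswith("- "):   # next list item: a new step begins
            pending, in_checkout = [], False
        if CHECKOUT.search(line):
            in_checkout = True
            findings += pending              # a `ref:` seen before `uses:` in this step
            pending = []
        m = HEAD_REF.search(line)
        if m:
            (findings if in_checkout else pending).append((no, m.group(1)))
    return findings

# Constructed sample workflows (not taken from the PR).
RISKY = """\
on:
  pull_request_target:
jobs:
  update:
    steps:
      - name: Checkout PR head
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          ref: ${{ github.event.pull_request.head.ref }}
"""
PLAIN_PR = ("# avoids pull_request_target + PR head checkout\n"
            + RISKY.replace("pull_request_target:", "pull_request:"))

if __name__ == "__main__":
    print(find_head_checkouts(RISKY), find_head_checkouts(PLAIN_PR))
```

A hit means the workflow needs manual review; an empty list only means this one pattern was not found.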

@github-actions bot added the `verify` (Execute verification workflow for these changes) and `bitnami` labels on Apr 9, 2026
@github-actions bot requested a review from fmulero on April 9, 2026 09:12