Auto-request review for usability when label is applied.#116884
Auto-request review for usability when label is applied.#116884Ivorforce wants to merge 1 commit into
Conversation
passivestar
left a comment
passivestar
left a comment
There was a problem hiding this comment.
Would appreciate more input on usability team if this is desired.
Makes sense to me
|
Not sure this will work without adding permissions to the token used for CI, which has its own risks |
Ivorforce
force-pushed
the
usability-auto-request
branch
from
efb72c3 to
5eec605
Compare
Good point. I changed the ref to a specific commit instead of |
|
That's not the risk I mean, I mean that if we add permissions to the runners someone can write a GitHub action to delete all labels for example or close all PRs, as there's no real way for us to control what the token is used for when it's configured as it has to be accessible to this CI action |
|
I think this feature is better implemented as a GitHub app or other background process where we can control access but not expose like this |
There was a problem hiding this comment.
This won't work, looking closer at the action package it only runs when a PR is opened, it won't run at any other time so this unfortunately won't work
if (context.payload.action !== 'opened') {
console.log('No pull request was opened, skipping')
return
}
|
It turns out it applies the action to this specific PR, and it fails, but not for the reasons above I think |
|
Right, so it's broken anyway. I guess if we wanted to do this we would need another or a custom action. |
3 participants
Suggested by @AdriaandeJongh. Would appreciate more input on usability team if this is desired.
I'm also not sure if this will work since I haven't tested it.
The action depends on https://github.com/kunihiko-t/review-request-action which is niche but also small, so hopefully no risk of regression if it does work.