Add SPIFFE Federation Resource #32174
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow is run whenever a pull request is opened, re-opened, or taken | |
# out of draft (ready for review). | |
# | |
# NOTE: pull_request_target behaves the same as pull_request except it grants a | |
# read/write token to workflows running on a pull request from a fork. While | |
# this may seem unsafe, the permissions for the token are limited below and | |
# the permissions can not be changed without merging to master which is | |
# protected by CODEOWNERS. | |
name: Assign | |
on: | |
pull_request_target: | |
types: [opened, ready_for_review] | |
# Limit the permissions on the GitHub token for this workflow to the subset | |
# that is required. In this case, the assign workflow only needs to be able | |
# to update the assigned reviewers, so it needs write access to | |
# "pull-requests", nothing else. | |
permissions: | |
pull-requests: write | |
actions: none | |
checks: none | |
contents: none | |
deployments: none | |
issues: none | |
packages: none | |
repository-projects: none | |
security-events: none | |
statuses: none | |
jobs: | |
auto-request-review: | |
name: Auto Request Review | |
if: ${{ !github.event.pull_request.draft && !startsWith(github.head_ref, 'dependabot/') }} | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout main branch of shared-workflow repository. | |
- name: Checkout shared-workflow | |
uses: actions/checkout@v4 | |
with: | |
repository: gravitational/shared-workflows | |
path: .github/shared-workflows | |
ref: main | |
- name: Installing Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 'stable' | |
# Run "check" subcommand on bot. | |
- name: Assigning reviewers | |
run: cd .github/shared-workflows/bot && go run main.go -workflow=assign -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" |