From 9977b52e434716af3dcbd47adca180c5de03a370 Mon Sep 17 00:00:00 2001 From: Hector Alfaro Date: Thu, 16 Nov 2023 12:45:51 -0500 Subject: [PATCH] Remove unnecessary use of pull_request_target trigger (#45464) Co-authored-by: Peter Bengtsson --- .github/workflows/auto-close-dependencies.yml | 2 +- .github/workflows/azure-preview-env-destroy.yml | 1 + .github/workflows/close-bad-repo-sync-prs.yml | 1 + .github/workflows/close-on-invalid-label.yaml | 2 ++ .github/workflows/confirm-internal-staff-work-in-docs.yml | 6 +++--- .github/workflows/content-changes-table-comment.yml | 1 + .github/workflows/hubber-contribution-help.yml | 2 +- .github/workflows/merged-notification.yml | 1 + .github/workflows/move-ready-to-merge-pr.yaml | 1 + .github/workflows/needs-sme-workflow.yml | 1 + .github/workflows/notify-when-maintainers-cannot-edit.yaml | 1 + .github/workflows/os-ready-for-review.yml | 1 + .github/workflows/ready-for-doc-review.yml | 2 +- .github/workflows/repo-freeze-check.yml | 1 + .github/workflows/triage-pull-requests.yml | 1 + .github/workflows/triage-unallowed-contributions.yml | 1 + 16 files changed, 19 insertions(+), 6 deletions(-) diff --git a/.github/workflows/auto-close-dependencies.yml b/.github/workflows/auto-close-dependencies.yml index 5a2059562d..dcf25ea61f 100644 --- a/.github/workflows/auto-close-dependencies.yml +++ b/.github/workflows/auto-close-dependencies.yml @@ -7,7 +7,7 @@ name: Auto Close Open Source Dependency Updates # **Who does it impact**: It helps docs engineering focus on higher value work. on: - pull_request_target: + pull_request: paths: - 'package*.json' - 'Gemfile*' diff --git a/.github/workflows/azure-preview-env-destroy.yml b/.github/workflows/azure-preview-env-destroy.yml index 2519057919..2c50b61410 100644 --- a/.github/workflows/azure-preview-env-destroy.yml +++ b/.github/workflows/azure-preview-env-destroy.yml @@ -5,6 +5,7 @@ name: Azure - Destroy Preview Env # **Who does it impact**: All contributors. on: + # Required in lieu of `pull_request` so that PRs created from forks can destroy the preview environment. pull_request_target: types: - closed diff --git a/.github/workflows/close-bad-repo-sync-prs.yml b/.github/workflows/close-bad-repo-sync-prs.yml index 861a55cb60..48e0bbe844 100644 --- a/.github/workflows/close-bad-repo-sync-prs.yml +++ b/.github/workflows/close-bad-repo-sync-prs.yml @@ -8,6 +8,7 @@ name: Close bad repo-sync PRs # **Who does it impact**: Open-source. on: + # Necessary in lieu of `pull_request` so that PRs opened from forks can be closed if they try to push to a repo sync branch. pull_request_target: permissions: diff --git a/.github/workflows/close-on-invalid-label.yaml b/.github/workflows/close-on-invalid-label.yaml index 383e471934..f2583f79f4 100644 --- a/.github/workflows/close-on-invalid-label.yaml +++ b/.github/workflows/close-on-invalid-label.yaml @@ -7,6 +7,8 @@ name: Close issue/PR on adding invalid label on: issues: types: [labeled] + # Needed in lieu of `pull_request` so that PRs from a fork can be + # closed when marked as invalid. pull_request_target: types: [labeled] diff --git a/.github/workflows/confirm-internal-staff-work-in-docs.yml b/.github/workflows/confirm-internal-staff-work-in-docs.yml index f0f047c394..fb8503f809 100644 --- a/.github/workflows/confirm-internal-staff-work-in-docs.yml +++ b/.github/workflows/confirm-internal-staff-work-in-docs.yml @@ -9,7 +9,7 @@ on: types: - opened - transferred - pull_request_target: + pull_request: types: - opened @@ -81,10 +81,10 @@ jobs: text: <@${{github.actor}}> opened https://github.com/github/docs/issues/${{ github.event.number || github.event.issue.number }} publicly on the github/docs repo instead of a private repo. They have been notified via a new issue in the private repo to confirm this was intentional. - name: Check out repo - if: ${{ failure() && github.event_name != 'pull_request_target' }} + if: ${{ failure() && github.event_name != 'pull_request' }} uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - uses: ./.github/actions/slack-alert - if: ${{ failure() && github.event_name != 'pull_request_target' }} + if: ${{ failure() && github.event_name != 'pull_request' }} with: slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} diff --git a/.github/workflows/content-changes-table-comment.yml b/.github/workflows/content-changes-table-comment.yml index 96ad5a90c6..76f4a5fb65 100644 --- a/.github/workflows/content-changes-table-comment.yml +++ b/.github/workflows/content-changes-table-comment.yml @@ -6,6 +6,7 @@ name: Content Changes Table Comment on: workflow_dispatch: + # Required in lieu of `pull_request` so that the content changes tables can be posts to PRs opened from a fork. pull_request_target: permissions: diff --git a/.github/workflows/hubber-contribution-help.yml b/.github/workflows/hubber-contribution-help.yml index e0f657b0d8..7a05a023bf 100644 --- a/.github/workflows/hubber-contribution-help.yml +++ b/.github/workflows/hubber-contribution-help.yml @@ -5,7 +5,7 @@ name: Hubber contribution help # **Who does it impact**: docs-internal contributors on: - pull_request_target: + pull_request: types: - opened paths: diff --git a/.github/workflows/merged-notification.yml b/.github/workflows/merged-notification.yml index b31ac574f2..715a1ace7e 100644 --- a/.github/workflows/merged-notification.yml +++ b/.github/workflows/merged-notification.yml @@ -5,6 +5,7 @@ name: Merged notification # **Who does it impact**: Open-source contributors. on: + # Needed in lieu of `pull_request` so that the notification comment is posted to a PR from a fork. pull_request_target: types: - 'closed' diff --git a/.github/workflows/move-ready-to-merge-pr.yaml b/.github/workflows/move-ready-to-merge-pr.yaml index 8d55c40f4b..1cbd39c3fd 100644 --- a/.github/workflows/move-ready-to-merge-pr.yaml +++ b/.github/workflows/move-ready-to-merge-pr.yaml @@ -5,6 +5,7 @@ name: Move and unlabel ready to merge PRs # **Who does it impact**: Open source contributors, open-source maintainers. on: + # Needed in lieu of `pull_request` so that the a PR from a fork can trigger the project board and label automation. pull_request_target: types: - labeled diff --git a/.github/workflows/needs-sme-workflow.yml b/.github/workflows/needs-sme-workflow.yml index 4d4f492b4d..1a4ce5eafd 100644 --- a/.github/workflows/needs-sme-workflow.yml +++ b/.github/workflows/needs-sme-workflow.yml @@ -7,6 +7,7 @@ name: Comment on adding "needs SME" label on: issues: types: [labeled] + # Needed in lieu of `pull_request` so that PRs from a fork can be labeled. pull_request_target: types: [labeled] diff --git a/.github/workflows/notify-when-maintainers-cannot-edit.yaml b/.github/workflows/notify-when-maintainers-cannot-edit.yaml index c37c028cda..0a9d9deb70 100644 --- a/.github/workflows/notify-when-maintainers-cannot-edit.yaml +++ b/.github/workflows/notify-when-maintainers-cannot-edit.yaml @@ -5,6 +5,7 @@ name: Notify When Maintainers Cannot Edit # **Who does it impact**: Open-source. on: + # Needed in lieu of `pull_request` so that PRs from a fork can be notified. pull_request_target: types: - opened diff --git a/.github/workflows/os-ready-for-review.yml b/.github/workflows/os-ready-for-review.yml index 5682c17d5b..04f7f7df8e 100644 --- a/.github/workflows/os-ready-for-review.yml +++ b/.github/workflows/os-ready-for-review.yml @@ -4,6 +4,7 @@ name: OS Ready for review # **Why we have it**: So that contributors in the OS repo can easily get reviews from the docs-content team, and so that writers can see when a PR is ready for review # **Who does it impact**: Writers working in the docs repository on: + # Needed in lieu of `pull_request` so that PRs from a fork can be triaged to the proper project board. pull_request_target: types: [labeled] issues: diff --git a/.github/workflows/ready-for-doc-review.yml b/.github/workflows/ready-for-doc-review.yml index baa9fa7f03..ff7ae02bb7 100644 --- a/.github/workflows/ready-for-doc-review.yml +++ b/.github/workflows/ready-for-doc-review.yml @@ -5,7 +5,7 @@ name: Ready for docs-content review # **Who does it impact**: Writers working in the docs-internal repository on: - pull_request_target: + pull_request: types: [labeled, review_requested] workflow_call: diff --git a/.github/workflows/repo-freeze-check.yml b/.github/workflows/repo-freeze-check.yml index 8e355d58ee..79bee9b44f 100644 --- a/.github/workflows/repo-freeze-check.yml +++ b/.github/workflows/repo-freeze-check.yml @@ -7,6 +7,7 @@ name: Repo Freeze Check on: workflow_dispatch: merge_group: + # Needed in lieu of `pull_request` so that PRs from a fork can stopped from merging when there's a freeze. pull_request_target: types: - opened diff --git a/.github/workflows/triage-pull-requests.yml b/.github/workflows/triage-pull-requests.yml index d000dbf7e1..2bd8d77cb9 100644 --- a/.github/workflows/triage-pull-requests.yml +++ b/.github/workflows/triage-pull-requests.yml @@ -5,6 +5,7 @@ name: Triage new pull requests # **Who does it impact**: Docs open source. on: + # Needed in lieu of `pull_request` so that PRs from a fork can be triaged. pull_request_target: types: - reopened diff --git a/.github/workflows/triage-unallowed-contributions.yml b/.github/workflows/triage-unallowed-contributions.yml index c4c91d2f05..f0909bbe2f 100644 --- a/.github/workflows/triage-unallowed-contributions.yml +++ b/.github/workflows/triage-unallowed-contributions.yml @@ -5,6 +5,7 @@ name: Check unallowed file changes # **Who does it impact**: Open source contributors. on: + # Needed in lieu of `pull_request` so that PRs from a fork can be notified of unallowed changes. pull_request_target: paths: - '.devcontainer/**'