Use native GitHub approvals for community PRs #905
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Edit: forked PRs still don't get secrets, and we'll likely need to work around that with
pull_request_target
.Inspired by pulumi/pulumi#16083.
GitHub natively allows maintainers to manually kick off tests on PRs from community members. It's straightforward and doesn't hide test results behind a URL.
This PR removes all the logic around
/run-acceptance-tests
in favor of GitHub's native functionality.Caveat: GitHub doesn't currently provide an API for configuring fork approval settings (integrations/terraform-provider-github#2108), and the default is "Require approval for first-time contributors" whereas the current workflow is equivalent to "Require approval for all outside collaborators".
I've changed the pulumi org's default permission to always require approval for outside PRs, and this seems to have had the intended effect.