From 2e67e8965e9d5be75cef681d5f56b18e33640af7 Mon Sep 17 00:00:00 2001
From: nicolethoen
Date: Tue, 28 Apr 2026 09:36:21 -0400
Subject: [PATCH] chore(ci): update issue labeling and preview gating
Use org-level reusable workflows for new issue labeling and PR preview permission checks so deploy previews are restricted to trusted contributors.
Made-with: Cursor
---
 .github/workflows/label-pf-team-issue.yml | 9 +++++++++
 .github/workflows/pr-preview.yml | 13 +++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/label-pf-team-issue.yml
diff --git a/.github/workflows/label-pf-team-issue.yml b/.github/workflows/label-pf-team-issue.yml
new file mode 100644
index 00000000..9019ee29
--- /dev/null
+++ b/.github/workflows/label-pf-team-issue.yml
@@ -0,0 +1,9 @@
+name: Label PF Team issues
+on:
+ issues:
+ types:
+ - opened
+jobs:
+ label:
+ uses: patternfly/.github/.github/workflows/add-pf-team-label-workflow.yml@main
+ secrets: inherit
diff --git a/.github/workflows/pr-preview.yml b/.github/workflows/pr-preview.yml
index 38b88d36..bb0c007b 100644
--- a/.github/workflows/pr-preview.yml
+++ b/.github/workflows/pr-preview.yml
@@ -1,13 +1,22 @@
 name: pr-preview
-on: pull_request_target
+on:
+ pull_request_target:
+ issue_comment:
+ types: [created]
 jobs:
+ check-permissions:
+ uses: patternfly/.github/.github/workflows/check-team-membership.yml@main
+ secrets: inherit
+
 build-upload:
+ needs: check-permissions
+ if: needs.check-permissions.outputs.allowed == 'true'
 runs-on: ubuntu-latest
 env:
 SURGE_LOGIN: ${{ secrets.SURGE_LOGIN }}
 SURGE_TOKEN: ${{ secrets.SURGE_TOKEN }}
 GH_PR_TOKEN: ${{ secrets.GH_PR_TOKEN }}
- GH_PR_NUM: ${{ github.event.number }}
+ GH_PR_NUM: ${{ needs.check-permissions.outputs.pr-number }}
 steps:
 - uses: actions/checkout@v2
 # Yes, we really want to checkout the PR
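Review bot: The `label` job calls the reusable workflow at the mutable ref `@main` and hands it `secrets: inherit`, so whatever is on that branch of `patternfly/.github` at run time executes with every secret this repository exposes, on an event (`issues: opened`) that any GitHub user can trigger. Pin the call to a full commit SHA, `uses: patternfly/.github/.github/workflows/add-pf-team-label-workflow.yml@<commit-sha>`, and replace `inherit` with an explicit `secrets:` map naming only what the labeler needs. The same applies to the `check-permissions` job added in `.github/workflows/pr-preview.yml`, where the called workflow is the trust gate in front of the deploy secrets. A `permissions:` block restricting `GITHUB_TOKEN` to what labeling requires (probably `issues: write`; confirm against the called workflow) is also missing from this new file.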
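Review bot: The gate in `check-permissions` hands `build-upload` only `outputs.allowed` and `outputs.pr-number`, so the commit that is checked out and built with `SURGE_TOKEN` and `GH_PR_TOKEN` in the job-level `env` is not tied to the commit that was approved. With the added `issue_comment` trigger the approval and the checkout happen at different times, and the PR head can change in between; the `with:` block of the checkout step lies outside this hunk, so confirm how the ref is resolved. Have the reusable workflow also output the head SHA it evaluated and check out exactly that, e.g. `ref: ${{ needs.check-permissions.outputs.<head-sha-output> }}` (placeholder name). `issue_comment` also fires for comments on plain issues, so the gate should leave `allowed` false unless `github.event.issue.pull_request` is set, which cannot be verified from this page. Moving the three secrets from the job `env` to the single upload step would keep them away from the steps that run PR code.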