This repository was archived by the owner on Feb 25, 2025. It is now read-only.
Allow for optional label to trigger vuln scan on patch PRs #42494
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zanderso
reviewed
Jun 1, 2023
| @@ -12,7 +14,8 @@ jobs: | |||
| vuln-scan: | |||
| name: Vulnerability scanning | |||
| runs-on: ubuntu-20.04 | |||
| if: ${{ github.repository == 'flutter/engine' }} | |||
| # run on flutter/engine push to main or PRs with 'vulnerability patch' label | |||
| if: ${{ github.repository == 'flutter/engine' && (github.event_name == 'push' || github.event.label.name == 'vulnerability patch') }} | |||
There was a problem hiding this comment.
Can this be called "vulnerability scan" instead? I'm worried that "vulnerability patch" will create confusion.
|
Thank you for the comments - updated to use 'scan' rather than 'patch' |
zanderso
approved these changes
Jun 1, 2023
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/flutter
that referenced
this pull request
Jun 2, 2023
auto-submit bot
pushed a commit
to flutter/flutter
that referenced
this pull request
Jun 2, 2023
…128119) flutter/engine@02d6fbb...c6e9383 2023-06-02 jason-simmons@users.noreply.github.com [Impeller] clang-tidy fixes (flutter/engine#42503) 2023-06-02 103135467+sealesj@users.noreply.github.com Allow for optional label to trigger vuln scan on patch PRs (flutter/engine#42494) 2023-06-02 skia-flutter-autoroll@skia.org Roll Skia from 881a8df6f9e9 to 47b0db43f6a4 (1 revision) (flutter/engine#42512) 2023-06-02 skia-flutter-autoroll@skia.org Roll Fuchsia Linux SDK from X4Pkixxtt3BkjRW9P... to PuYA-6NVHeHPlkCdk... (flutter/engine#42511) 2023-06-02 skia-flutter-autoroll@skia.org Roll Skia from 7777ee2bf7ef to 881a8df6f9e9 (1 revision) (flutter/engine#42510) 2023-06-02 skia-flutter-autoroll@skia.org Roll Dart SDK from 3d4d29d8f16b to 9d8df2a5210b (2 revisions) (flutter/engine#42509) 2023-06-02 skia-flutter-autoroll@skia.org Roll Skia from 02e706e9761b to 7777ee2bf7ef (2 revisions) (flutter/engine#42508) 2023-06-02 skia-flutter-autoroll@skia.org Roll Skia from 0c75f1877b37 to 02e706e9761b (2 revisions) (flutter/engine#42506) 2023-06-02 dkwingsmt@users.noreply.github.com Revert "[Rasterizer] Make resubmit information temporary" (flutter/engine#42455) 2023-06-02 skia-flutter-autoroll@skia.org Roll Skia from f4854a3d009d to 0c75f1877b37 (1 revision) (flutter/engine#42505) 2023-06-02 skia-flutter-autoroll@skia.org Roll Dart SDK from 0d3c310fd6d9 to 3d4d29d8f16b (3 revisions) (flutter/engine#42502) 2023-06-02 skia-flutter-autoroll@skia.org Roll Skia from 082a7d1f72f7 to f4854a3d009d (4 revisions) (flutter/engine#42500) 2023-06-01 godofredoc@google.com Do not retry lint or clang tidy tests. (flutter/engine#42498) 2023-06-01 dnfield@google.com [Impeller] Compute in Vulkan (flutter/engine#42294) 2023-06-01 skia-flutter-autoroll@skia.org Roll Fuchsia Mac SDK from yqJfBsLdfLP4_vbFu... to JQRQ1nH1ILNA--N_b... (flutter/engine#42499) Also rolling transitive DEPS: fuchsia/sdk/core/linux-amd64 from X4Pkixxtt3Bk to PuYA-6NVHeHP fuchsia/sdk/core/mac-amd64 from yqJfBsLdfLP4 to JQRQ1nH1ILNA If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/flutter-engine-flutter-autoroll Please CC jonahwilliams@google.com,rmistry@google.com,zra@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Flutter: https://github.com/flutter/flutter/issues/new/choose To report a problem with the AutoRoller itself, please file a bug: https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change introduces the ability to allow for the vulnerability scanning workflow to be triggered by the 'vulnerability scan' label on PRs. If the label is not applied, the workflow is skipped completely on PRs. This will allow those working to patch a vulnerability to check for resolution before landing the change.
Testing this change: https://github.com/flutter/engine/actions/runs/5059129544
b/283970087
If you had to change anything in the flutter/tests repo, include a link to the migration guide as per the breaking change policy.
Pre-launch Checklist
///).If you need help, consider asking for advice on the #hackers-new channel on Discord.