PDP-473: Create pr-workflow.yaml #202
Conversation
SameeraPriyathamTadikonda
requested review from
BillFarber and
rjrudin
as code owners
There was a problem hiding this comment.
Pull Request Overview
Adds a new GitHub Actions workflow to enforce JIRA ticket IDs in pull request titles by invoking a centralized reusable workflow.
- Introduce
.github/workflows/pr-workflow.yamldefining apull_request_target–triggered job. - Leverage
marklogic/pr-workflowsreusable workflow for JIRA ID validation. - Pass the PR title as input to the reusable workflow.
|
|
||
| on: | ||
| # Using pull_request_target instead of pull_request to handle PRs from forks | ||
| pull_request_target: |
There was a problem hiding this comment.
Using pull_request_target grants the workflow elevated permissions on forked PRs. Consider adding a minimal permissions block to restrict GITHUB_TOKEN scopes to only what's needed (e.g., read-only for pull requests) to reduce security risks.
Copilot uses AI. Check for mistakes.
| jira-pr-check: | ||
| name: 🏷️ Validate JIRA ticket ID | ||
| # Use the reusable workflow from the central repository | ||
| uses: marklogic/pr-workflows/.github/workflows/jira-id-check.yml@main |
There was a problem hiding this comment.
Pin the reusable workflow reference to a specific tag or commit SHA instead of @main to ensure reproducible runs and avoid unexpected changes when the central repo updates.
| uses: marklogic/pr-workflows/.github/workflows/jira-id-check.yml@main | |
| uses: marklogic/pr-workflows/.github/workflows/jira-id-check.yml@v1.2.3 |
Copilot uses AI. Check for mistakes.
| @@ -0,0 +1,16 @@ | |||
| name: 🏷️ JIRA ID Validator | |||
|
|
|||
| on: | |||
There was a problem hiding this comment.
Consider adding a concurrency stanza at the workflow level to cancel in-progress runs for the same PR (e.g., concurrency: { group: 'pr-${{ github.event.pull_request.number }}', cancel-in-progress: true }), preventing overlapping validations.
Copilot uses AI. Check for mistakes.
No description provided.