Validate the source of the repository sending an event to trigger a new publish in production #765

Open
tbouffard opened this issue Aug 14, 2024 · 0 comments

tbouffard commented Aug 14, 2024

Currently, any repository can send an event to request a new publish in production, even if it is not part of the list of the sources of content. This could happen if the workflow in such a repository is not correctly configured.

We could add a validation step when receiving the event, prior to starting the effective site rebuild and publish.
This validation would prevent pushing to production when we receive an event from a repo that is not part of the production site (extra publish).

The GitHub context lets us retrieve information about the repository. This could be used to validate that the branch and the repository are part of the production site. We have the information in the doc-site repo in the Antora playbook and in the preview script (for the mapping between the component name and the repo URL).

In a first job of the workflow receiving the event, we could parse the Antora playbook to retrieve the list of the repositories used as sources for the production site, and check whether the repository which sent the event is in this list to accept it (or not).

Implementing this feature may require #472 first.
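
One way to implement the check proposed in this issue, as an added example (not code from the doc-site repository or from the issue author). It assumes the playbook lists its sources under `content.sources` with `url` and `branches` keys, and that the sending repository and branch reach the job as plain strings; how the event carries them is not specified on this page. All function names, repository names and the sample playbook are hypothetical.

```ruby
require 'yaml'

# Constructed sample playbook; repository names and branches are hypothetical.
SAMPLE_PLAYBOOK = <<~PLAYBOOK
  content:
    sources:
      - url: https://github.com/example-org/product-docs.git
        branches: [master, 'v*', '!v1.*']
      - url: https://github.com/example-org/api-docs
        branches: main
PLAYBOOK

# Reduce a GitHub URL to a lowercase "owner/repo" slug (GitHub treats these
# names case-insensitively); nil for anything that is not on github.com.
def repo_slug(url)
  m = url.to_s.strip.match(%r{\Ahttps://github\.com/([\w.-]+)/([\w.-]+?)(?:\.git)?/?\z}i)
  m && "#{m[1]}/#{m[2]}".downcase
end

# Build { "owner/repo" => [branch patterns] } from content.sources.
def allowed_sources(playbook_yaml)
  content = (YAML.safe_load(playbook_yaml) || {})['content'] || {}
  Array(content['sources']).each_with_object({}) do |src, allow|
    slug = repo_slug(src['url'])
    next unless slug
    branches = Array(src['branches'] || content['branches']).map(&:to_s)
    (allow[slug] ||= []).concat(branches)
  end
end

# Fail closed: reject unknown repositories, sources without branch patterns,
# branches matching no include pattern, and branches hit by a "!" exclusion.
def event_allowed?(playbook_yaml, sender_repo, sender_branch)
  patterns = allowed_sources(playbook_yaml)[sender_repo.to_s.strip.downcase]
  return false if patterns.nil?
  branch = sender_branch.to_s
  excluded, included = patterns.partition { |p| p.start_with?('!') }
  included.any? { |p| File.fnmatch(p, branch) } &&
    excluded.none? { |p| File.fnmatch(p[1..-1], branch) }
end

# Constructed events: [sending repository, branch].
[['example-org/product-docs', 'v2.1'], ['example-org/unrelated', 'master']].each do |repo, branch|
  verdict = event_allowed?(SAMPLE_PLAYBOOK, repo, branch) ? 'accept' : 'reject'
  puts "#{repo}@#{branch}: #{verdict}"
end
```

In a workflow, the first job would run this against the real playbook file and exit non-zero on rejection so that the rebuild and publish jobs never start.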
