Currently, any repository can send an event to request a new publish in production, even if it is not part of the list of the sources of content. This could happen if the workflow in such a repository is not correctly configured.
We could add a validation step when receiving the event prior to starting the effective site rebuild and publish.
This validation would prevent pushing to production when we receive an event from a repo that is not part of the production site (extra publish).
The GitHub context lets us retrieve information about the repository. This could be used to validate that the branch and the repository are part of the production site. We have the information in the doc-site repo in the Antora playbook and in the preview script (for the mapping between the component name and the repo URL).
In a first job of the workflow receiving the event, we could parse the Antora playbook to retrieve the list of the repositories used as sources for the production site, and check whether the repository which sent the event is in this list to accept it (or not).
Implementing this feature may require #472 first.
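
The check proposed above, sketched as an added example (not code from this issue or from the project): it reads `content.sources` from an Antora playbook and accepts an event only when the sending repository and branch are listed there. The playbook content, the repository names, and the way the sender's repository and ref reach the job are assumptions; Ruby is used because its standard library includes a YAML parser.

```ruby
require 'yaml'

# Constructed sample playbook; repository names are placeholders.
SAMPLE_PLAYBOOK = <<~PLAYBOOK
  content:
    sources:
      - url: https://github.com/example-org/component-a.git
        branches: [main, 'v*']
      - url: https://github.com/example-org/component-b
        branches: main
PLAYBOOK

# Reduce a GitHub URL to lowercase "owner/repo" so it can be compared
# with the repository name carried by the event.
def repo_slug(url)
  url.to_s.strip.downcase
     .sub(%r{\A(?:https://|ssh://git@|git@)github\.com[:/]}, '')
     .sub(%r{/\z}, '')
     .sub(/\.git\z/, '')
end

# Map each source repository to the branch patterns the playbook lists.
# Simplification of this example: a source without an explicit
# `branches` key gets no patterns, so events from it are rejected.
def allowed_sources(playbook_yaml)
  playbook = YAML.safe_load(playbook_yaml)
  return {} unless playbook.is_a?(Hash)
  sources = Array(playbook.dig('content', 'sources'))
  sources.each_with_object({}) do |src, acc|
    next unless src.is_a?(Hash) && src['url']
    slug = repo_slug(src['url'])
    acc[slug] = (acc[slug] || []) + Array(src['branches']).map(&:to_s)
  end
end

# sender_repo ("owner/repo") and sender_ref (branch name or refs/heads/...)
# are assumed to arrive with the event; unknown repos or branches fail closed.
def publish_allowed?(playbook_yaml, sender_repo, sender_ref)
  branch = sender_ref.to_s.sub(%r{\Arefs/heads/}, '')
  patterns = allowed_sources(playbook_yaml)[repo_slug(sender_repo)]
  return false if patterns.nil? || branch.empty?
  # Playbook branch entries may be glob patterns such as v*.
  patterns.any? { |pattern| File.fnmatch?(pattern, branch) }
end
```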