6f780152c3
Added security patch delivery workflows (#71101)
* adding security patch workflows
* adding grafana-delivery as codeowners for new pr-security-check workflows
* adding release branch triggers to PR security patch github action
* joined security patching mirror and apply jobs
* remove temp files
(cherry picked from commit d88046d3d4)
Co-authored-by: Ricky Whitaker <ricky.whitaker@grafana.com>
25 lines
953 B
YAML
25 lines
953 B
YAML
# Owned by grafana-delivery-squad
|
|
# Intended to be dropped into the base repo Ex: grafana/grafana
|
|
name: Check for security patch conflicts
|
|
run-name: check-security-patch-conflicts-${{ github.base_ref }}-${{ github.head_ref }}
|
|
on:
|
|
pull_request_target:
|
|
types:
|
|
- opened
|
|
branches:
|
|
- "main"
|
|
- "v*.*.*"
|
|
- "release-*"
|
|
|
|
# Since this is run on a pull request, we want to apply the patches intended for the
|
|
# target branch onto the source branch, to verify compatibility before merging.
|
|
jobs:
|
|
trigger_downstream_patch_check:
|
|
uses: grafana/security-patch-actions/.github/workflows/test-patches.yml@main
|
|
with:
|
|
src_repo: "${{ github.repository }}"
|
|
src_ref: "${{ github.head_ref }}" # this is the source branch name, Ex: "feature/newthing"
|
|
patch_repo: "${{ github.repository }}-security-patches"
|
|
patch_ref: "${{ github.base_ref }}" # this is the target branch name, Ex: "main"
|
|
secrets: inherit
|