Consider moving the bot back to Github Actions #54
Comments
|
I would also like to see more customizability out of this bot. I may be a niche case, but I am trying to build out a conventional commit ci workflow using changesets. For that, it would be useful if I could run a script to convert commit messages to changesets before the bot runs through its scripts. |
|
This is an interesting idea, but you'd still need the head of the PR, since that's the one that would contain any changesets to check for.
I'm not sure how much of this would need to be implemented in user land, vs. could be contained within the action itself. You could also have a condition that would check if this was a fork or not. if it isn't a fork, you can skip step 3. |
|
I've also wanted this recently, just for filtering. DefinitelyTyped-tools uses changesets but hasn't enabled the bot because we don't want people to add changesets for the
You definitely do not want to be cloning any untrusted code in For example, https://github.com/microsoft/TypeScript/blob/main/.github/workflows/pr-modified-files.yml is a workflow which triages PRs and closes / replies to them if certain conditions are met, but done without cloning. See also: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ |
Hi,
I noticed that this bot used to be an action, but it didn't work for forks, so it was moved to a bot.
Have you considered moving it back to a github action now that you can use
pull_request_target?Moving it to an action would let users customize things. For example, I'd like to disable the bot when PRs only modify certain folders.
The text was updated successfully, but these errors were encountered: