github/flutter
7
0
Fork 0
mirror of https://github.com/flutter/flutter.git synced 2025-06-03 00:51:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
73bf206f35
flutter/docs/infra/GitHub-Action-Workflows.md
Kate Lovett 7d891907e3
[wiki migration] Infra team pages (#148718) 
This sorts the wiki pages owned by the Infra team in the docs/ directory as planned in [flutter.dev/go/migrate-flutter-wiki-spreadsheet](https://docs.google.com/spreadsheets/d/1x65189ZBdNiLRygpUYoU08pwvXD4M-Z157c6pm8deGI/edit?usp=sharing) 

It also adds the team-infra label to the bot for future PRs.

Image assets were checked in here: https://github.com/flutter/assets-for-api-docs/pull/246

Changes to the content were only updating links. The remaining wiki links will be updated after the rest of the pages are relocated, the original wiki links still work in the meantime.

Part of https://github.com/flutter/flutter/issues/145009
2024-05-21 18:17:10 +00:00

59 lines
2.4 KiB
Markdown
Raw Blame History

# GitHub actions at Flutter
Action workflows can be enabled by writing a yaml file inside .github/workflows
folder of a given repository. These workflows run arbitrary code from GitHub
repositories and with read/write permissions in the repository assets. This can
be dangerous as anyone with write permissions to the repository can enable
workflows using malicious code. To mitigate this only workflows with pinned
commits within an allowed list can be executed.
Flutter repositories have workflows enabled with readonly ACLs by default. The
ACLs can be overwritten providing specific permissions in the configuration
file.
Determining whether a given workflow is secure or not goes well beyond flutter's
capacity and it is the responsibility of the person enabling the workflow to
diligently check the workflow for any potential security issues.
## Adding a new GitHub Actions workflow
To add a new workflow please open a new bug using the [ticket queue process](https://github.com/flutter/flutter/wiki/Infra-Ticket-Queue). The following data points are required:
* Description/reason to enable this workflow
* workflow repository
* pinned commit
## Updating a GitHub Actions workflow
To update an existing workflow please open a new bug using the [ticket queue process](https://github.com/flutter/flutter/wiki/Infra-Ticket-Queue). The following data points are required:
* Description/reason to update the pinned version
* workflow/old_pinned_version
* workflow/new_pinned_version
## flutter/engine and flutter/flutter
***flutter/engine*** please do not add any action workflows to this repository.
The preferred way of building and testing is to use LUCI. This allows to plan
for scalability, security and maintainability.
***flutter/flutter*** the main use of workflows in this repo is to process bugs,
projects, etc. Please do not use action workflows to build, run tests or release
artifacts.
## Checklist
New workflow:
* Does it have an associated bug?
* Was the workflow/commit added to the allow list? Is the workflow pinned to a
given commit?
* If the workflow require write access, is it overriding the ACLs explicitly?
* If the target repository has branch protection, is the configuration using
***secrets.FLUTTERGITHUBBOT_TOKEN*** instead of the default one?
* Is the workflow configured to not run on forks?
Update workflow:
* Does it have an associated bug?
* Was the workflow with old and new commits added to the allowed list?
Reference in New Issue View Git Blame Copy Permalink