From 01dec722e0460e6d117d52ed2de020d9ca558456 Mon Sep 17 00:00:00 2001 From: Alessandro Nadalini Date: Thu, 19 Mar 2026 09:46:37 +0100 Subject: [PATCH 1/2] Modified gitlab-ci.yml to enable CI also for PRs coming from external forks --- .github/workflows/gitlab-ci.yml | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/.github/workflows/gitlab-ci.yml b/.github/workflows/gitlab-ci.yml index b11676a..f346c8d 100644 --- a/.github/workflows/gitlab-ci.yml +++ b/.github/workflows/gitlab-ci.yml @@ -10,16 +10,38 @@ on: branches: - main pull_request: + pull_request_target: workflow_dispatch: jobs: - gitlab-ci: + # Internal PRs and pushes: run directly with secrets available. + gitlab-ci-internal: + if: > + github.event_name != 'pull_request_target' && + ( + github.event_name != 'pull_request' || + github.event.pull_request.head.repo.full_name == github.repository + ) runs-on: ubuntu-latest steps: - name: Check GitLab CI uses: pulp-platform/pulp-actions/gitlab-ci@v1 - # Skip on forks or pull requests from forks due to missing secrets. - if: github.repository == 'pulp-platform/MAGIA' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) + with: + domain: iis-git.ee.ethz.ch + repo: github-mirror/magia + token: ${{ secrets.GITLAB_TOKEN }} + poll-count: 2160 + + # Fork PRs: require maintainer approval before secrets are exposed. + gitlab-ci-external: + if: > + github.event_name == 'pull_request_target' && + github.event.pull_request.head.repo.full_name != github.repository + runs-on: ubuntu-latest + environment: external-prs + steps: + - name: Check GitLab CI + uses: pulp-platform/pulp-actions/gitlab-ci@v1 with: domain: iis-git.ee.ethz.ch repo: github-mirror/magia From dfdfa04de7843ec4537572355fa8b95038299bce Mon Sep 17 00:00:00 2001 From: Francesco Conti Date: Thu, 19 Mar 2026 11:07:57 +0100 Subject: [PATCH 2/2] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/workflows/gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/gitlab-ci.yml b/.github/workflows/gitlab-ci.yml index f346c8d..55c42ae 100644 --- a/.github/workflows/gitlab-ci.yml +++ b/.github/workflows/gitlab-ci.yml @@ -13,6 +13,9 @@ on: pull_request_target: workflow_dispatch: +permissions: + contents: read + jobs: # Internal PRs and pushes: run directly with secrets available. gitlab-ci-internal: