CI: Automating workflow execution for internal contributors only #4825

Closed
Muhamed-Husic wants to merge 2 commits into ROCm:develop from Muhamed-Husic:security/trusted-contributors-flow


@Muhamed-Husic
Contributor

Motivation

The goal of this PR is to make sure untrusted fork contributors can't run the performance pipeline without explicit maintainer approval, while trusted contributors (members, collaborators and same-repo PRs) run it automatically.

Technical Details

Same-repo PRs and trusted contributors now run this workflow automatically without needing the ok-to-test label, while untrusted fork contributors still require maintainer approval via the ok-to-test label before anything runs. Also added a new step to handle cases where a maintainer approves a fork PR by adding the label, but the contributor then pushes a new (potentially malicious) commit before the tests finish. Without this step, those new unreviewed commits would run through the pipeline under the cover of the previous approval.

Changelog Category

Add a CHANGELOG.md entry for any option other than Not Applicable

    • Added: New functionality.
    • Changed: Changes to existing functionality.
    • Removed: Functionality or support that has been removed. (Compared to a previous release)
    • Optimized: Component performance that has been optimized or improved.
    • Resolved Issues: Known issues from a previous version that have been resolved.
    • Not Applicable: This PR is not to be included in the changelog.

@Muhamed-Husic Muhamed-Husic requested a review from causten as a code owner April 28, 2026 12:44
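
The gate described in the PR description above, sketched as an added example; it is not code from this PR or from the ROCm workflows. It assumes the workflow sees the standard pull request webhook fields (`author_association`, `labels`, `head.sha`, `head.repo.full_name`), that a step fetches the live head SHA before tests start, and that a label added before the latest push is treated as stale; the function names, repository names and SHAs are constructed.

```python
TRUSTED = {"OWNER", "MEMBER", "COLLABORATOR"}  # author_association values treated as trusted
LABEL = "ok-to-test"                           # approval label named in the PR description


def gate(event, base_repo, live_head_sha):
    """Decide whether the pipeline may run for a pull_request-style payload.

    live_head_sha is the PR head fetched from the API right before tests
    start (assumption: the workflow has a step that looks it up).
    Returns (allowed, reason).
    """
    pr = event["pull_request"]
    event_sha = pr["head"]["sha"]
    head_repo = (pr["head"].get("repo") or {}).get("full_name")  # None if the fork was deleted

    if head_repo == base_repo:
        return True, "same-repo PR"
    if pr.get("author_association") in TRUSTED:
        return True, "trusted contributor"
    if LABEL not in {l["name"] for l in pr.get("labels", [])}:
        return False, "fork PR needs ok-to-test"
    # The label only vouches for the commit that was the head when it was added,
    # so a later push (synchronize) must not inherit it.
    if event.get("action") != "labeled" or (event.get("label") or {}).get("name") != LABEL:
        return False, "label predates this event"
    if live_head_sha != event_sha:
        return False, "head moved after approval"
    return True, "approved commit " + event_sha[:7]


def sample(action, repo, assoc, labels, sha, label=None):
    """Build a constructed (not captured) payload with only the fields gate() reads."""
    ev = {"action": action, "pull_request": {
        "author_association": assoc,
        "labels": [{"name": n} for n in labels],
        "head": {"sha": sha, "repo": {"full_name": repo}}}}
    if label:
        ev["label"] = {"name": label}
    return ev


if __name__ == "__main__":
    base, fork = "org/project", "outsider/project"   # constructed repository names
    a, b = "a" * 40, "b" * 40                        # constructed commit SHAs
    for ev, live in [(sample("opened", base, "NONE", [], a), a),
                     (sample("opened", fork, "NONE", [], a), a),
                     (sample("labeled", fork, "NONE", [LABEL], a, LABEL), a),
                     (sample("labeled", fork, "NONE", [LABEL], a, LABEL), b),
                     (sample("synchronize", fork, "NONE", [LABEL], b), b)]:
        print(ev["action"], gate(ev, base, live))
```

The tests should then check out the SHA the gate approved, not the PR branch, so a push that lands after the check cannot change what runs.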
@codecov

codecov Bot commented Apr 29, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #4825      +/-   ##
===========================================
+ Coverage    92.49%   92.52%   +0.02%     
===========================================
  Files          583      583              
  Lines        29562    29967     +405     
===========================================
+ Hits         27343    27724     +381     
- Misses        2219     2243      +24     

see 26 files with indirect coverage changes


@Muhamed-Husic
Contributor Author

Closing in favour of #4830, which implements a different approach.
