add release vscode workflow; fix changelog#10719
Conversation
Wiz Scan Summary
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
joehan
left a comment
joehan
left a comment
There was a problem hiding this comment.
Seems fine once we change the branch name
| TARGET_BRANCH="vscode-release-trigger-build-only" | ||
| else | ||
| TARGET_BRANCH="vscode-release-trigger" |
There was a problem hiding this comment.
Given these are going to be origins for release artifacts, you should work with Joe to set up branch protections for these branches.
| github.event.issue.pull_request && | ||
| startsWith(github.event.comment.body, '/run-release') && | ||
| (github.event.comment.author_association == 'OWNER' || | ||
| github.event.comment.author_association == 'MEMBER' || |
There was a problem hiding this comment.
Lets also assert that the pr aiuthor is an owner or maintainer as well. I don't think we'd ever run this on a contributor branch, but we should encode that into the rule
There was a problem hiding this comment.
Is anyone on fdc team a maintainer? We wouldn't be able to run the release in that case.
There was a problem hiding this comment.
spoke offline - now checking if PR creator is owner/member
morganchen12
left a comment
morganchen12
left a comment
There was a problem hiding this comment.
LGTM. Discussed the Wiz finding with Joe offline and it should be ok.
6 participants
Create a release-vscode-ext workflow, used to trigger the Kokoro build, sign, and publish pipeline.