#release-engineering - March 2022 | Slack Archive

My team ~~hates~~ dislikes the /test all chatops that I set up in order to run GitHub Actions that require secrets from forks. (I copy/pasted CloudPosse's slash-command-dispatch.yaml) We looked at enabling that setting that requires approvals before pipeline runs from forks, but it only requires an approval once from a given user. It's a mitigation to prevent annoyance and frivolous pipeline runs, not to protect the repo's secrets.

Is there any other option? I'm sure you guys have looked at this a lot.