[docs] Fix OB1 gate v2 workflow runs #351

Open: alanshurafa wants to merge 1 commit into NateBJones-Projects:main from alanshurafa:codex/fix-ob1-gate-v2-empty-runs

@alanshurafa

Collaborator

Summary

Fixes the active OB1 gate workflow file, .github/workflows/ob1-gate-v2.yml, so fork PRs get a real gate job instead of a zero-job failed workflow run.

What changed

  • Runs the gate on pull_request_target so the base repository workflow is used for fork PRs.
  • Keeps checkout pinned to refs/pull/<number>/head for read-only review of the PR contents.
  • Passes PR metadata through environment variables instead of interpolating untrusted PR fields directly into shell scripts.
  • Validates contribution metadata against the base branch schema file.
  • Updates the follow-up workflow to process pull_request_target gate runs.

Validation

  • go run github.com/rhysd/actionlint/cmd/actionlint@latest .github/workflows/ob1-gate-v2.yml .github/workflows/ob1-pr-followups.yml
  • git diff --check

Notes

The existing PR check for this PR may still be affected by the old gate workflow because workflow changes need to land on main before they control future PR events.

@alanshurafa

Collaborator Author

This is the current unblocker for the ingestion PRs (#347-#350).

What happened:

  • The ingestion PR heads were rebased onto current main; Markdownlint is now green on all four.
  • The active OB1 gate workflow, .github/workflows/ob1-gate-v2.yml, is still producing failed zero-job runs on those PRs.
  • The older [codex] Fix OB1 gate empty workflow runs #323 patch is stale: it targets .github/workflows/ob1-gate.yml, but current main only has ob1-gate-v2.yml.

What this PR changes:

  • Updates ob1-gate-v2.yml directly.
  • Runs the gate via pull_request_target so fork PRs use the base repo workflow and get real jobs.
  • Passes PR metadata through env vars to avoid direct untrusted PR-title interpolation in shell.
  • Keeps metadata validation pinned to the base branch schema.
  • Lets the follow-up workflow process pull_request_target gate runs.

Local validation passed:

  • go run github.com/rhysd/actionlint/cmd/actionlint@latest .github/workflows/ob1-gate-v2.yml .github/workflows/ob1-pr-followups.yml
  • git diff --check

Branch protection blocks me from merging my own PR: it requires at least one approving review from another maintainer. After this lands, I can retrigger #347-#350 and verify the gate on those PRs.
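
The env-var pattern named in the summary and in the comment above, shown as an added illustration; it is not the contents of ob1-gate-v2.yml or any code from this PR. The workflow, job and step names, the PR_TITLE and PR_NUMBER variables, the title rule, and the permissions and persist-credentials settings are assumptions.

```yaml
# Added illustration, not the project's workflow. All names below are hypothetical.
name: example-gate
on:
  pull_request_target:
    types: [opened, edited, synchronize, reopened]

permissions:
  contents: read  # assumption: the gate only reads the repository

jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # PR contents are checked out for inspection only; nothing from them is executed.
          ref: refs/pull/${{ github.event.pull_request.number }}/head
          persist-credentials: false  # keep the token out of the PR checkout's git config

      # Weak form (left commented out): the expression is expanded into the script
      # text before the shell starts, so the title is parsed as shell syntax.
      # - name: Check title (weak)
      #   run: |
      #     echo "Title: ${{ github.event.pull_request.title }}"

      # Corrected form: the title reaches the shell only as data in an
      # environment variable and is always referenced in double quotes.
      - name: Check title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          printf 'PR #%s title: %s\n' "$PR_NUMBER" "$PR_TITLE"
          case "$PR_TITLE" in
            "["*"] "*) ;;  # hypothetical rule: title starts with a [category] prefix
            *) echo "title must start with a [category] prefix" >&2; exit 1 ;;
          esac
```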
