diff --git a/.github/workflows/build-brev-tutorial-docker-images.yml b/.github/workflows/build-brev-tutorial-docker-images.yml index d15d759d..9686b734 100644 --- a/.github/workflows/build-brev-tutorial-docker-images.yml +++ b/.github/workflows/build-brev-tutorial-docker-images.yml @@ -6,6 +6,8 @@ on: - main - "pull-request/[0-9]+" workflow_dispatch: + # pull_request is not supported for this workflow due to self-hosted runners + # see the "Reviewing PRs from forks" section in CONTRIBUTING.md for more details jobs: discover-tutorials: diff --git a/.github/workflows/pr-fork-comment.yml b/.github/workflows/pr-fork-comment.yml new file mode 100644 index 00000000..8ae89572 --- /dev/null +++ b/.github/workflows/pr-fork-comment.yml @@ -0,0 +1,26 @@ +name: Fork PR Comment + +on: + pull_request_target: + types: [opened, reopened] + +jobs: + comment: + # Only run if the PR is from a fork + if: github.event.pull_request.head.repo.full_name != github.repository + runs-on: ubuntu-latest + permissions: + pull-requests: write + + steps: + - name: Comment on PR + uses: actions/github-script@v7 + with: + script: | + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: '👋 Thank you for your contribution!\n\nThis pull request is from a forked repository so GitHub Actions will not be able to run CI. A maintainer will review your changes shortly and manually trigger the CI.\n\n**@maintainers** Please review this PR when you have a chance and follow the instructions in the [CONTRIBUTING.md](https://github.com/NVIDIA/accelerated-computing-hub/blob/main/CONTRIBUTING.md#reviewing-prs-from-forks) file to trigger the CI.' + }) + diff --git a/.github/workflows/test-links.yml b/.github/workflows/test-links.yml index 810e7dc1..6f502e74 100644 --- a/.github/workflows/test-links.yml +++ b/.github/workflows/test-links.yml @@ -4,6 +4,8 @@ on: push: branches: - '**' + # pull_request is not supported for this workflow due to self-hosted runners + # see the "Reviewing PRs from forks" section in CONTRIBUTING.md for more details jobs: test-links: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 090b4ddf..972777f4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -53,6 +53,33 @@ A module should have the following directory structure: * Each lab translation and programming language combination should have a `solutions` directory containing correct solutions. +## Reviewing PRs From Forks + +Due to security challenges of running CI on self-hosted GitHub Actions runners workflows on PRs from forks will not trigger automatically. + +To work around this a maintainer needs to inspect the PR to ensure there are no concerns with running it, then push a copy of the PR to a branch on the upstream repo. This will trigger the CI to run. The results of the workflow will be reported back on the PR due to the matching SHAs of each commit. + +```bash +# Use the GitHub CLI to check out the PR +gh pr checkout 123 + +# Push to a PR branch on the upstream +git push upstream pull-request/123 +``` + +If the contributor makes further changes these will also need to be pulled/pushed to trigger the CI again. + +```bash +# Check out the PR branch again +gh pr checkout 123 +# Or just `git checkout && git pull` if you already have it + +# Push to upstream PR branch +git push upstream pull-request/123 # You may need --force id the contributor has rewritten their history +``` + +See the [GitHub Actions NVIDIA Runners documentation for more information](https://docs.gha-runners.nvidia.com/platform/onboarding/pull-request-testing/). + ## Attribution Portions adopted from [https://github.com/OpenACC/openacc-training-materials/blob/master/CONTRIBUTING.md](https://github.com/OpenACC/openacc-training-materials/blob/master/CONTRIBUTING.md)