diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index a68bdd9b19f9e4..0e3ca2191814ee 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -112,3 +112,4 @@ /docs/area-owners.* @jeffhandley /docs/issue*.md @jeffhandley /.github/policies/ @jeffhandley @mkArtakMSFT +/.github/workflows/ @dotnet/runtime-infrastructure diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 00000000000000..308cb2d1a85b6b --- /dev/null +++ b/.github/workflows/README.md @@ -0,0 +1,6 @@ +# Workflows + +General guidance: + +- Please make sure to include the @dotnet/runtime-infrastructure group as a reviewer of your PRs. +- Do not use the `pull_request` event. Use `pull_request_target` instead, as documented in [Workflows in forked repositories](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#workflows-in-forked-repositories) and [pull_request_target](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target). diff --git a/.github/workflows/check-no-merge-label.yml b/.github/workflows/check-no-merge-label.yml index 1c01c2f7324175..37cc7adf20596b 100644 --- a/.github/workflows/check-no-merge-label.yml +++ b/.github/workflows/check-no-merge-label.yml @@ -4,8 +4,8 @@ permissions: pull-requests: read on: - pull_request: - types: [opened, edited, reopened, labeled, unlabeled, synchronize] + pull_request_target: + types: [labeled, unlabeled] branches: - 'main' - 'release/**' diff --git a/.github/workflows/check-service-labels.yml b/.github/workflows/check-service-labels.yml index 2d85e4d278a393..9726087abbf4dc 100644 --- a/.github/workflows/check-service-labels.yml +++ b/.github/workflows/check-service-labels.yml @@ -4,8 +4,8 @@ permissions: pull-requests: read on: - pull_request: - types: [opened, edited, reopened, labeled, unlabeled, synchronize] + pull_request_target: + types: [labeled, unlabeled] branches: - 'release/**'