This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author rmast
Recipients FFY00, brett.cannon, lukasz.langa, pablogsal, rmast, steve.dower, vstinner, zach.ware
Date 2021-08-23.16:46:48
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1629737208.15.0.776233028428.issue44972@roundup.psfhosted.org>
In-reply-to
Content 
> On the main request, provided the workflow_dispatch is only triggerable by non-contributors in their own fork (without any of our tokens/etc.) then it's fine by me. If it allows anyone to trigger CI builds against the main repo, I'd rather not.

It should require write permissions in a repository to use the trigger, so they'll only be able to run workflows in the context of their fork: https://github.community/t/who-can-manually-trigger-a-workflow-using-workflow-dispatch/128592/4

I think you could also test this out by going to my fork and seeing if it lets you trigger the workflow: https://github.com/nightlark/cpython/actions/workflows/build.yml
History
Date User Action Args
2021-08-23 16:46:48rmastsetrecipients: + rmast, brett.cannon, vstinner, lukasz.langa, zach.ware, steve.dower, pablogsal, FFY00
2021-08-23 16:46:48rmastsetmessageid: <1629737208.15.0.776233028428.issue44972@roundup.psfhosted.org>
2021-08-23 16:46:48rmastlinkissue44972 messages
2021-08-23 16:46:48rmastcreate