You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
Restrict manual deploys to main
With this bare workflow_dispatch, a maintainer can choose any branch/ref in the manual “Run workflow” UI; this job later checks out that selected ref and deploys the resulting ${GITHUB_SHA} image to the Cloud Run environments. That bypasses the previous push trigger's main-only deployment restriction, so a feature branch can be manually promoted to production unless the workflow gates github.ref == 'refs/heads/main' or otherwise validates the selected ref.
The reason will be displayed to describe this comment to others. Learn more.
Restrict manual deploys to main
With this workflow_dispatch trigger, a repo writer can manually run the workflow against any branch (GitHub documents the Branch dropdown/--ref behavior: https://docs.github.com/en/actions/how-tos/manage-workflow-runs/manually-run-a-workflow). I checked this workflow’s deploy path: it checks out the dispatched ref and then builds/deploys ${GITHUB_SHA} to the configured Cloud Run services, so selecting an unmerged feature branch can deploy non-main code to the paper/HK/SG environments despite the existing push trigger being limited to main; add a job/step guard such as github.ref == 'refs/heads/main' if manual deploys are meant to match the production path.
Useful? React with 👍 / 👎.
env:
GCP_PROJECT_ID: longbridgequant
Expand Down
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With this bare
workflow_dispatch, a maintainer can choose any branch/ref in the manual “Run workflow” UI; this job later checks out that selected ref and deploys the resulting${GITHUB_SHA}image to the Cloud Run environments. That bypasses the previouspushtrigger'smain-only deployment restriction, so a feature branch can be manually promoted to production unless the workflow gatesgithub.ref == 'refs/heads/main'or otherwise validates the selected ref.Useful? React with 👍 / 👎.