Adding web-flow to CLA allowlist #50469
Conversation
doggydogworld
requested review from
klizhentas,
russjones,
r0mant,
zmb3,
fheinecke,
camscale,
tcsc,
rosstimothy and
codingllama
as code owners
| # dependabot: Dependency management tool that keeps us up-to-date on latest releases | ||
| # teleport-post-release-automation: Creates PRs for updating docs after a release is made | ||
| # web-flow: GitHub owned user that owns commits that are done through Web APIs | ||
| allowlist: 'dependabot[bot],teleport-post-release-automation[bot],web-flow' |
There was a problem hiding this comment.
Could an external contributor use GH's web APIs to commit code (in the same manner as the post-release automation) and bypass this check?
What's the actual (legal) impact of an external contributor doing this? If there isn't a quick/easy answer, is it even worth the time to investigate, or should we just merge this as is?
Can you link to the automation that uses this web-flow user for reviewers? |
Updated the description to include an example. For more information I believe that this git config is the reason that it shows up as |
|
Let's change that to an email that we own instead of using GitHub's no-reply email as the commit author. |
Adding web-flow to CLA allowlist. The web-flow user is used as part of our automation for post release.
Currently the user is being used for our post-release AMI update commit. For an example see here: 25638a2