ci: gate call-check-tflite-files behind approval-gate#3538
Open
s2ongmo wants to merge 1 commit intotensorflow:mainfrom
Open
ci: gate call-check-tflite-files behind approval-gate#3538s2ongmo wants to merge 1 commit intotensorflow:mainfrom
s2ongmo wants to merge 1 commit intotensorflow:mainfrom
Conversation
The Feb 10 hardening (PRs tensorflow#3425/tensorflow#3426/tensorflow#3432) added the gatekeeper + approval-gate dependency to the six call-* test jobs. The call-check-tflite-files job follows the same pull_request_target + checkout(head.sha) + script-execution pattern but was not gated in that change. Adding the same dependency keeps the seven jobs consistent.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
BUG=N/A (CI consistency fix; no functional change)
The Feb 10 security hardening (PRs #3425, #3426, #3432) added
needs: [gatekeeper, approval-gate]plus the matchingif:guard to all six other test jobs inpr_test.yml—call-core,call-windows,call-cortex-m,call-xtensa,call-hexagon,call-riscv.The
call-check-tflite-filesjob uses the same parent workflow trigger (pull_request_target) and the same checkout-by-head-sha pattern (viacheck_tflite_files.yml), but the gate dependency was not applied to it. This PR adds the same two lines for consistency:Behavior:
approval-gateresolves to an empty environment and passes immediately, so the job runs as before.approval-gateuses theintegration-testenvironment and waits for team approval, matching the other six jobs.tests-passedaggregator (line 128) is unaffected — it already listscall-check-tflite-filesinneeds:, and skipped jobs do not produce afailure/cancelledresult.No other changes.