Prerequisites
Feature Summary
https://docs.gha-runners.nvidia.com/platform/apps/copy-pr-bot/
Problem/Use Case
Currently, triggering CI workflows on pull requests from public forks poses a security risk, especially when those workflows require access to secrets or internal runners. Conversely, manually pulling down fork code to run tests locally increases the cost of entry for maintainers and slows down the review cycle.
Proposed Solution
To fully integrate this, we need to complete the following steps:
[ ] Allowlist Entry: Open a PR to the copy-pr-bot repository to add our organization to src/orgs.ts.
[ ] Configuration: Add .github/copy-pr-bot.yaml to our default branch.
[ ] Workflow Migration: Update existing GitHub Action YAMLs to trigger on push to pull-request/* branches instead of (or in addition to) standard pull_request events.
Success Criteria
- Security: Prevents "pwn-request" attacks where malicious code attempts to exfiltrate secrets via CI logs.
- Automation: Eliminates the "waste of time" involved in manually checking out fork code.
- Standardization: Aligns us with the testing strategies used by high-scale NVIDIA and Open Source projects.
Alternatives Considered
No response
Component
CLI (eidos)
Priority
Important (would improve my workflow)
Compatibility / Breaking Changes
No response
Operational Considerations
No response
Are you willing to contribute?
Yes, I can open a PR
Prerequisites
Feature Summary
https://docs.gha-runners.nvidia.com/platform/apps/copy-pr-bot/
Problem/Use Case
Currently, triggering CI workflows on pull requests from public forks poses a security risk, especially when those workflows require access to secrets or internal runners. Conversely, manually pulling down fork code to run tests locally increases the cost of entry for maintainers and slows down the review cycle.
Proposed Solution
To fully integrate this, we need to complete the following steps:
[ ] Allowlist Entry: Open a PR to the copy-pr-bot repository to add our organization to src/orgs.ts.
[ ] Configuration: Add .github/copy-pr-bot.yaml to our default branch.
[ ] Workflow Migration: Update existing GitHub Action YAMLs to trigger on push to pull-request/* branches instead of (or in addition to) standard pull_request events.
Success Criteria
Alternatives Considered
No response
Component
CLI (eidos)
Priority
Important (would improve my workflow)
Compatibility / Breaking Changes
No response
Operational Considerations
No response
Are you willing to contribute?
Yes, I can open a PR