Pull requests testing

In Buddy, you can test and deploy pull requests using pipelines. Every time a pull request is created and/or a push is made to the corresponding branch, Buddy will automatically run the defined pipeline and send its execution status to GitHub.

Forks and branches

You can create pull requests within the same repository or a forked repository. If you run all pull requests within one repository and you don't work on a fork model, then it's enough to create a pipeline with * wildcard to test your pull requests. The pipeline will be run after every push to any branch in your repository. Thanks to that, each commit will be tested straight away and when you open a pull request, it will be marked with a status depending on the tests' result.

For security reasons, support for pull requests originating from forks is disabled by default.

To enable it:

  1. Go to Project Settings in the left column.
  2. Scroll down to the Pull requests section.
  3. Click the Enable pull requests switch to activate the feature:

Forked pull requestsForked pull requests

Once you switch this option on, you'll be able to select Pull requests by wildcard as the ref in the pipeline settings:

Adding a new pipelineAdding a new pipeline

If you enabled the PR support, make sure to use the refs/pull/* wildcard instead of a single * with the Pull requests by wildcard option. Using the * wildcard causes the pipeline to run twice for all PRs that from within the same repository. The pipeline will run triggered by the commit pushed to the branch and then because a new commit is detected in the PR even though this is a single event.

Actions

Now we can add a testing action and a notification that will let us know in case something goes wrong:

Pipeline examplePipeline example

Security

Remember that everyone can fork a public repository and create pull requests to that repo. If your repository is public, you should take special precautions towards securing the data defined in the environment variables. In a fork of your repo, a malicious actor can write a script that exposes your variables, and execute it remotely with a pipeline that runs automatically on PRs.

See also

Last modified on September 8, 2022

Get Started

Sign up for free and deploy your project in less than 10 minutes.