Mathieu Pillard
Mathieu Pillard
Dependabot PRs doesn't have access to secrets either, despite technically not being a fork. In either case (forks/dependabot) access to secrets could be a security issue (especially if the change...
> We worked around the original issue of not being able to use the build+push job [by adding a condition around it](https://github.com/mozilla/addons-server/blob/e1e622c3767aad3ac86e7d1a967999cec80d5285/.github/workflows/ci.yml#L27): I think the dependabot part of this condition...
Yes, that's my thinking as well. We should modify that check to only do it on PRs or dependabot branches. Or even figure out if the secrets are available and...
@dependabot rebase
For most reviewer tools functionality that is going to be enough, but resolving abuse reports with no action (or linking to cinder policies in the admin) would need a cinder...
Andrew to check whether we can directly import prod in fixtures or something along those lines.
> Note to myself and other maintainers: we cannot land a patch until other components that follow the linter behavior are also accepting larger JSON file limits (e.g. the internal...
As discussed on slack, this is not as trivial to implement as it may seem. A key problem is that for this to work you'd need to be able to...
@eviljeff so submit a draft PR of an idea we need to investigate for this
@dependabot rebase