Skip to content

Run pipelines for GitHub pull requests

Fabio Pitino requested to merge ee-detect-github-pull-requests into master

What does this MR do?

This MR introduces support for only/except: external_pull_requests when using the project for CI/CD only with a GitHub repository. When using only/except: external_pull_requests we allow jobs to be created for a pipeline if a GitHub pull request is open for the given ref.

This MR is an alternative approach to

When using a mirror for CI/CD only we register a pull_request webhook. When a pull_request webhook is received for the pull request being created, if the repository already contains the SHA related to the pull request, we create immediately a new pipeline. Otherwise we store the pull request info for when changes are pushed to branches. When changes are pushed to branches we check if any pull requests are opened for the given ref and create pipelines for pull requests.

Related to

CE port:

Does this MR meet the acceptance criteria?


Performance and testing


If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

End-To-End test

  • create new project as CI/CD for external repo
  • select GitHub as option
  • import repository
  • ensure that on GitHub both push and pull_request webhooks are registered
  • GitHub integration should also be active
  • add a .gitlab-ci.yml on GitHub repository containg
  script: echo 'this should always run'
  script: echo 'this should run on pull requests'
    - external_pull_requests

  script: echo 'this should not run on pull requests'
    - external_pull_requests
  • push changes to a new branch
  • if push webhook updates the mirror we should see a pipeline creating jobs always-run and except-pull-requests
  • open a pull request on GitHub
  • if pull request webhook is sent we should see a pipeline creating jobs always-run and only-pull-requests
  • when pushing new changes to the same branch we should see a pipeline created with always-run and only-pull-requests jobs for as long as the pull request remains open
  • close the pull request, should not trigger any pipelines
  • when pushing new changes to the same branch, this time, we should see a pipeline with always-run and except-pull-requests


  • always update ExternalPullRequest on pull request webhook as the source/target sha may change
  • if push and pull_request webhooks are sent together but
Edited by Kamil Trzciński

Merge request reports