If you are using GitHub Actions it SHOULD be configured so that pull requests from forks will trigger it.
This is especially important if the maintainer set up branch protection rules which prevent merging PRs which did not pass CI.
This can be also confusing when there are no branch protection rules, in which case it could lead to accepting a PR which silently breaks the code.
For these reasons we recommend being permissive on
pull_request event and explicit on which branches trigger CI on
push event, e.g.
on: pull_request: push: branches: - main
which will trigger only
pull_request event for pull requests, but not
push event when a PR is created.
Merge trains allow to merge multiple outstanding pull request and check if all the changes are compatible.
They usualy merge into a temporary branch which SHOULD be used to run CI on, as a side effect the CI infrastructure is triggered less often as PRs are batched. Examples of merge trains include:
mergify or GitHub's own
Specific configuration depends on the application one is using, for example when using
bors one it's a good idea to configure GitHub Actions with:
on: pull_request: push: branches: - 'bors/*'
Running GitHub Actions for external contributors
GitHub allows to configure which actions can run automatically from public forks. The maintainer ought to decide what level of security is required, please see the GitHub documentation.