List of wild CI ideas
-
Registrator-like permission checking — is the user who triggered the pipeline actually a developer of the packages? Problem: probably requires OAuth because project member lists are generally private, so you'd have to try to access the repo by impersonating the user and see if it works. That sounds complicated -
Keeping a "database" (a CSV file in the repo) of open pull requests and a (daily) scheduled pipeline that - autodeletes merged branches on Github
- tags the releases if the PRs are merged