Restrict PRs from forked repository
<p>Dao Lam, Software Engineer, Verizon Media</p>
<p>Previously, any <a href="https://screwdriver.cd">Screwdriver V4</a> user could start PR jobs (jobs configured to run on <code>~pr</code>) by forking the repository and creating a PR against it. For many pipelines this is undesirable for security reasons, since secrets and other sensitive data might get exposed in the PR builds.</p>
<p>Screwdriver V4 now allows users to specify whether they want to restrict forked PRs or all PRs using the pipeline-level annotation <code>screwdriver.cd/restrictPR</code>.</p>
<p>Example:</p>
<pre><code class="yaml">annotations:
    screwdriver.cd/restrictPR: fork
shared:
    image: node:8
jobs:
    main:
        requires:
            - ~pr
            - ~commit
        steps:
            - echo: echo test
</code></pre>
<p>Cluster admins can set the default behavior for the cluster with the environment variable <code>RESTRICT_PR</code>.</p>
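<p>An added example (not Screwdriver's own code) for auditing parsed pipeline configs: it resolves the effective restriction and lists the <code>~pr</code> jobs that a forked PR could still start. It assumes the annotation accepts <code>none</code>, <code>fork</code> and <code>all</code>, and that a pipeline annotation takes precedence over the cluster's <code>RESTRICT_PR</code> default; the function names are hypothetical.</p>

```javascript
// Added example, not Screwdriver's own code. Assumptions: the annotation accepts
// `none`, `fork` and `all`, and a pipeline annotation overrides RESTRICT_PR.
const ANNOTATION = 'screwdriver.cd/restrictPR';
const KNOWN = new Set(['none', 'fork', 'all']);

// Effective policy: pipeline annotation first, then cluster default, then `none`.
function effectivePolicy(config, clusterDefault) {
  const value = (config.annotations || {})[ANNOTATION] || clusterDefault || 'none';
  if (!KNOWN.has(value)) throw new Error(`unrecognized restrictPR value: ${value}`);
  return value;
}

// Would a PR build be allowed to start under this policy?
function prBuildAllowed(policy, isFork) {
  if (policy === 'all') return false;
  if (policy === 'fork') return !isFork;
  return true;
}

// Names of jobs that list ~pr in `requires` (string or array form).
function prJobs(config) {
  return Object.entries(config.jobs || {})
    .filter(([, job]) => [].concat(job.requires || []).includes('~pr'))
    .map(([name]) => name);
}

// Audit: report PR-triggered jobs that a forked PR can still start.
function auditPipeline(config, clusterDefault) {
  const policy = effectivePolicy(config, clusterDefault);
  const exposed = prBuildAllowed(policy, true) ? prJobs(config) : [];
  return { policy, exposed };
}

// Constructed sample: the pipeline from this post, with and without the annotation.
const jobs = { main: { requires: ['~pr', '~commit'], steps: [{ echo: 'echo test' }] } };
const restricted = { annotations: { [ANNOTATION]: 'fork' }, shared: { image: 'node:8' }, jobs };
const unrestricted = { shared: { image: 'node:8' }, jobs };

console.log(auditPipeline(restricted, 'none'));   // no exposed jobs
console.log(auditPipeline(unrestricted, 'none')); // `main` is exposed to forked PRs
```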
<p>Explore the guide <a href="https://docs.screwdriver.cd/user-guide/configuration/annotations">here</a>.</p>
<h2>Compatibility List</h2>
<p>In order to use this feature, you will need these minimum versions:</p>
<ul><li><a href="https://hub.docker.com/r/screwdrivercd/screwdriver/">API</a> - v0.5.581</li>
</ul><h2>Contributors</h2>
<p>Thanks to the following contributors for making this feature possible:</p>
<ul><li><p><a href="https://github.com/d2lam">d2lam</a></p></li>
<li><p><a href="https://github.com/stjohnjohnson">stjohnjohnson</a></p></li>
</ul><p><strong>Questions &amp; Suggestions</strong></p>
<p><strong>We’d love to hear from you. If you have any questions, please feel free to reach out <a href="https://docs.screwdriver.cd/about/support">here</a>. You can also visit us on <a href="https://github.com/screwdriver-cd">GitHub</a> and <a href="https://slack.screwdriver.cd">Slack</a>.</strong></p>