Adding gitspiegel-trigger workflow

[mutantcornholio]

Using a workflow to trigger mirroring instead of a webhook allows us to reuse "Approving workflow runs from public forks" GitHub feature to somewhat protect us from malicious PRs

[mutantcornholio]

UPD: The first attept to use a workflow to protect GitLab CI from untrusted contributors failed, because GitHub doesn't pass secrets to workflows for PRs that originate from forks.

This uses a different approach: instead of triggerring gitspiegel API directly from the workflow, we're just spawning an empty workflow with a specific path, and gitspiegel listens for workflow_run event to start mirroring.

The idea is the same: for the first-time contributors, running workflows would require manual aciton and that would block mirroring. But this time, we don't need any secrets to make it work.

[paritytech-cicd-pr]

BENCHMARKS

	NATIVE			WASMTIME
BENCHMARK	MASTER	PR	DIFF	MASTER	PR	DIFF	WASMTIME OVERHEAD
execute/ bare_call_0	1.56ms	1.53ms	🟢 -1.74%	1.05ms	1.11ms	🔴 6.13%	🟢 -27%
execute/ bare_call_0/typed	1.17ms	1.17ms	⚪ 0.39%	766.95µs	755.19µs	🟢 -1.55%	🟢 -36%
execute/ bare_call_1	1.59ms	1.59ms	🟢 0.38%	1.23ms	1.25ms	🔴 1.55%	🟢 -22%
execute/ bare_call_16	2.68ms	2.62ms	🟢 -2.44%	3.25ms	3.24ms	🟢 -0.57%	🟢 24%
execute/ bare_call_16/typed	1.60ms	1.63ms	⚪ 1.99%	1.90ms	1.85ms	🟢 -2.57%	🟢 13%
execute/ bare_call_1/typed	1.26ms	1.25ms	⚪ -0.80%	1.07ms	1.11ms	🔴 3.09%	🟢 -11%
execute/ bare_call_4	1.79ms	1.80ms	🟢 0.74%	1.59ms	1.64ms	🔴 3.66%	🟢 -9%
execute/ bare_call_4/typed	1.23ms	1.21ms	🟢 -1.44%	1.11ms	1.10ms	🟢 -1.59%	🟢 -10%
execute/ br_table	1.35ms	1.33ms	🟢 -1.85%	1.22ms	1.19ms	🟢 -2.06%	🟢 -10%
execute/ count_until	650.05µs	650.02µs	⚪ -0.02%	1.29ms	1.29ms	⚪ 0.11%	🟡 98%
execute/ factorial_iterative	365.91µs	323.26µs	🟢 -11.64%	602.10µs	600.27µs	⚪ -0.35%	🟡 86%
execute/ factorial_recursive	510.13µs	483.01µs	🟢 -5.25%	746.52µs	748.88µs	⚪ 0.34%	🟡 55%
execute/ fibonacci_iter	1.40ms	1.40ms	⚪ 0.00%	2.82ms	2.80ms	⚪ -0.82%	🟡 100%
execute/ fibonacci_rec	4.23ms	3.97ms	🟢 -6.05%	6.76ms	6.75ms	⚪ 0.03%	🟡 70%
execute/ fibonacci_tail	855.33µs	855.05µs	⚪ 0.00%	1.65ms	1.63ms	🟢 -1.09%	🟡 91%
execute/ global_bump	739.83µs	740.79µs	⚪ 0.07%	1.68ms	1.69ms	⚪ 0.09%	🔴 128%
execute/ global_const	660.41µs	660.70µs	⚪ 0.04%	1.33ms	1.33ms	⚪ -0.02%	🔴 101%
execute/ host_calls	36.67µs	37.01µs	⚪ 0.23%	38.50µs	38.51µs	⚪ -0.02%	🟢 4%
execute/ memory_fill	1.21ms	1.22ms	⚪ 0.66%	2.46ms	2.45ms	⚪ -0.57%	🔴 101%
execute/ memory_sum	1.18ms	1.22ms	⚪ 2.72%	2.46ms	2.46ms	⚪ -0.04%	🔴 101%
execute/ memory_vec_add	2.34ms	2.34ms	⚪ -0.07%	5.25ms	5.25ms	⚪ 0.00%	🔴 124%
execute/ recursive_is_even	665.71µs	672.73µs	⚪ 0.48%	1.13ms	1.13ms	⚪ -0.03%	🟡 69%
execute/ recursive_ok	94.08µs	93.88µs	⚪ -0.13%	170.67µs	171.48µs	⚪ 0.39%	🟡 83%
execute/ recursive_scan	130.90µs	129.09µs	⚪ -1.41%	230.17µs	229.29µs	⚪ -0.46%	🟡 78%
execute/ recursive_trap	9.06µs	8.85µs	🟢 -2.43%	17.12µs	17.12µs	⚪ -0.04%	🟡 93%
execute/ regex_redux	460.24µs	460.41µs	⚪ 0.02%	891.51µs	891.02µs	⚪ -0.17%	🟡 94%
execute/ rev_complement	427.46µs	421.38µs	🟢 -1.40%	866.80µs	867.63µs	⚪ 0.14%	🔴 106%
execute/ tiny_keccak	322.87µs	322.98µs	⚪ 0.08%	672.37µs	675.38µs	⚪ 0.74%	🔴 109%
execute/ trunc_f2i	731.92µs	731.79µs	⚪ -0.03%	1.72ms	1.72ms	⚪ -0.07%	🔴 135%
instantiate/ wasm_kernel	52.94µs	54.67µs	🔴 2.58%	59.47µs	55.33µs	🟢 -7.32%	🟢 1%
translate/ erc1155	211.74µs	211.56µs	⚪ -0.08%	362.87µs	362.09µs	⚪ 0.01%	🟡 71%
translate/ erc20	104.90µs	105.73µs	⚪ 0.79%	175.45µs	175.22µs	⚪ -0.14%	🟡 66%
translate/ erc721	148.12µs	147.81µs	⚪ 0.09%	254.64µs	252.75µs	⚪ -0.76%	🟡 71%
translate/ spidermonkey	64.82ms	64.67ms	⚪ -0.21%	0.00ns	0.00ns	⚪ -0.21%	🟢 -100%
translate/ wasm_kernel	4.19ms	4.20ms	⚪ 0.34%	6.54ms	6.53ms	⚪ -0.24%	🟡 55%

Link to pipeline

[Robbepop]

I am not sure we need tgis for wasmi since I configured CI jobs to require an OK from repo admins before running for external contributor PRs.

[mutantcornholio]

I am not sure we need tgis for wasmi since I configured CI jobs to require an OK from repo admins before running for external contributor PRs.

This is a setting of GitHub actions, right?
The suggested change will effectively apply that button for following GitLab jobs:

[Robbepop]

The clippy warnings are not related to this PR. So we are good to go if this PR fixes the underlying issue.

[mutantcornholio]

@Robbepop I don't have necessary permissions to do that, could you merge it please?

[codecov-commenter]

Codecov Report

Merging #781 (bb564a7) into master (6568880) will increase coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #781      +/-   ##
==========================================
+ Coverage   81.13%   81.15%   +0.01%     
==========================================
  Files         270      270              
  Lines       23217    23217              
==========================================
+ Hits        18838    18841       +3     
+ Misses       4379     4376       -3     

see 2 files with indirect coverage changes

📣 Codecov offers a browser extension for seamless coverage viewing on GitHub. Try it in Chrome or Firefox today!