Per [1], we need to use pull_request_target instead of pull_request
here. The tl;dr is that this runs as the *users* credentials, but they
may not have access to the repo.

See also [2].

[1] https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
[2] actions/first-interaction#31

Signed-off-by: Kyle Mestery <[email protected]>
mestery committed Jul 14, 2022
1 parent e7531ab commit 8ebc51f
Showing 2 changed files with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/first-interaction.yml
Expand Up @@ -3,7 +3,7 @@ name: 'First Interaction'
on:
issues:
types: [ opened ]
pull_request:
pull_request_target:
branches: [ main ]

workflow_dispatch:
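Review bot: the new `pull_request_target:` trigger has no `types:` filter, unlike the `issues:` trigger above it (`types: [ opened ]`), so it will fire on the default opened, synchronize and reopened activities, meaning every push to a PR branch targeting `main`. For a first-interaction greeting, adding `types: [ opened ]` under `pull_request_target:` would keep the two triggers symmetric and cut the number of runs. Separately, `pull_request_target` executes in the base repository's context with its token and secrets even for PRs from forks, and the job definitions are outside this hunk, so please confirm that the workflow never checks out or runs code from the PR head, and consider an explicit top-level `permissions:` block limited to what the greeting needs. A short YAML comment next to the trigger recording why `pull_request_target` is used here (the reasoning is currently only in the commit message) would help stop a later cleanup from reverting it.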
File renamed without changes.
