Figure out how to add comments to PRs originating from outside parcel-bundler/parcel #11
Comments
|
maybe whitelist an ip range for github actions? |
|
Can't really seem to find an ip range for github actions, I guess I could log all ips that go into the api server and try and figure out the ip-range by hand... It would also allow anyone to write a github action and push to the parcel benchmark api which probably isn't ideal. (although a chance of anyone going through all that trouble just to post a false benchmark seems unlikely) I think the only way to do this without anyone being able to report a false report would be to run the entire action on a server we control whether it being some cloud vm we boot up for every action or a dedicated machine. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Apparently Github Actions run from the source branch not the target branch, so the apikey is undefined if a PR compares with a branch outside of the Parcel org.
Not having an API key is not an option unless we run the benchmarks on a seperate server. Related which might happen, see: #8 but than we'd also need to verify the source to ensure no-one can submit incorrect benchmarks
The text was updated successfully, but these errors were encountered: