Made commenting on PR work when the PR's creator doesn't have write access to our repo

Relevant read:

Resource not accessible by integration
actions/first-interaction#10 (comment)
actions/first-interaction#10 (comment)

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
risvh committed Mar 26, 2024
1 parent a6a1403 commit b30fb0f
Showing 2 changed files with 12 additions and 5 deletions.
11 changes: 7 additions & 4 deletions .github/workflows/readable-data-changes.yml
@@ -1,29 +1,32 @@
name: Readable data changes

on:
pull_request:
pull_request_target:

jobs:
readable-data-changes:
runs-on: ubuntu-latest
steps:

- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
fetch-depth: '0'

- uses: actions/setup-python@v5
with:
python-version: '3.10'

- name: Parse asset changes to be more readable
id: readable-assets
run: python readableAssets.py
env:
REPO: ${{ github.repository }}
REPO_PATH: ${{ github.workspace }}
PRNUM: ${{ github.event.number }}
COMMIT_A: ${{ github.event.pull_request.base.sha }}
COMMIT_B: ${{ github.event.pull_request.head.sha }}
COMMIT_A: origin/${{ github.base_ref }}
COMMIT_B: HEAD

- name: Comment on PR
uses: thollander/actions-comment-pull-request@v2
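Review bot: switching the trigger to `pull_request_target` while still checking out `${{ github.event.pull_request.head.ref }}` from `${{ github.event.pull_request.head.repo.full_name }}` and then running `python readableAssets.py` from that checkout is exactly the pwn-request pattern the Security Lab article linked in the commit message warns about. `pull_request_target` runs in the base repository's context with a write-capable `GITHUB_TOKEN` (which is why the comment step now works for fork PRs), so a fork author who edits `readableAssets.py` in their PR gets to run arbitrary code with that token. Two safer shapes: keep `pull_request_target` but let `actions/checkout` take its default (the base branch) so the script is trusted code, and fetch the PR head only as a ref to diff against, e.g. `git fetch origin pull/${{ github.event.number }}/head:pr-head` with `COMMIT_B: pr-head`; or keep `pull_request` for the analysis and post the comment from a separate `workflow_run`-triggered workflow. Two smaller points in the same hunk: `head.ref` is a mutable branch name rather than a pinned commit, so `head.sha` is the better checkout target; and because the checkout now clones the fork, `origin/${{ github.base_ref }}` resolves to the fork's branch of that name (if it exists at all), not the base repository's, so the diff base can be stale or missing.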
6 changes: 5 additions & 1 deletion readableAssets.py
@@ -63,7 +63,11 @@ def read_file_even_deleted(path):
return read_txt(path)

def run_command(command):
output = os.popen(command).read()
f = os.popen(command)
output = f.read()
status = f.close()
if status:
sys.exit(1)
return output

def set_multiline_output(name, value):
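Review bot: the new failure path in `run_command` calls `sys.exit(1)`, but nothing in this hunk shows `import sys`; if it is absent at the top of `readableAssets.py`, the failure path itself raises `NameError` instead of exiting cleanly. The bare exit also throws away which command failed and with what status, which makes the CI failure hard to diagnose; report both, e.g. `raise RuntimeError(f"{command!r} exited with status {status}")`. Since `os.popen` hands the string to `/bin/sh`, any part of `command` built from PR-controlled data (branch names, file paths) has to be shell-quoted; `subprocess.run(args, check=True, capture_output=True, text=True)` with an argument list avoids the shell entirely and `check=True` already raises on a non-zero exit, which would replace the manual `f.close()` status handling.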
