Change tagbot workflow to run on pull_request_target and comment on security #21779
On @ocaisa's request I reworked the workflow to print a warning if someone modifies the script. This will not run here yet, since the develop branch version doesn't have pull_request_target yet, so I will make a demonstration on my own repo and link here.
d11650f to 495b0ca
pull_request_target
Well this rabbit hole was deep. Had to, like many others, rediscover actions/checkout#518
Also other cleanups, tweaks, to make things more robust and nicer.
Example PRs on my own fork to show the bot in action:
The proof will be in the pudding
Going in, thanks for all the effort on this @Micket!
See https://github.com/actions/labeler?tab=readme-ov-file#permissions