Azure / sql-action

🚀 Deploy changes to your SQL database easily with SQL projects or SQL scripts and sql-action for GitHub workflows
MIT License

ci: POC of untrusted code exec on PR action #245

Closed bthuilot closed 1 week ago

bthuilot commented 1 week ago

npm run _ commands are executed in a CI job that does not require approval for external contributors, via use of pull_request_target.

bthuilot commented 1 week ago

@microsoft-github-policy-service agree

bthuilot commented 1 week ago

This was testing that the organization has set pull_request_target to require approval (by default GitHub doesn't). I see that is set, so I will close this PR!
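
The pattern raised in this thread (package scripts run in a job triggered by pull_request_target) can be audited for in a repository's workflow files. The following is an added example, not code from this PR or from the sql-action project: the sample workflow is constructed, `audit_workflow` is a hypothetical helper, and the scan is a text heuristic rather than a YAML parse.

```python
import re

# Constructed sample workflow; not taken from any real repository.
RISKY = """\
on:
  pull_request_target:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install
      - run: npm run build
"""
HEAD_REF = "        with:\n          ref: ${{ github.event.pull_request.head.sha }}\n"
SAFE = RISKY.replace("pull_request_target:", "pull_request:")  # unprivileged trigger
BASE_ONLY = RISKY.replace(HEAD_REF, "")  # privileged, but builds the base branch

PR_HEAD = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)|refs/pull/")
PKG_CMD = re.compile(r"\b(?:npm|yarn|pnpm)\s+(?:run\s+\S+|install|ci|test)\b")


def audit_workflow(text):
    """Heuristic text scan (not a YAML parse) of one workflow file."""
    # Strip YAML comments so a commented-out trigger or step is ignored.
    body = "\n".join(re.sub(r"(^|\s)#.*$", "", line) for line in text.splitlines())
    privileged = re.search(r"\bpull_request_target\b", body) is not None
    head = PR_HEAD.search(body) is not None
    commands = [m.group(0) for m in PKG_CMD.finditer(body)]
    if not privileged:
        risk = "none"      # no pull_request_target trigger found
    elif head and commands:
        risk = "high"      # PR-controlled package scripts run in the privileged job
    else:
        risk = "review"    # privileged trigger; confirm no PR content is executed
    return {"risk": risk, "pr_head_checkout": head, "commands": commands}


if __name__ == "__main__":
    for name, wf in (("risky", RISKY), ("safe", SAFE), ("base_only", BASE_ONLY)):
        print(name, audit_workflow(wf))
```

A "review" result still needs a manual read of the workflow, since the heuristic does not track which job or step order the matches belong to.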