DomT4 / homebrew-autoupdate

:tropical_drink: An easy, convenient way to automatically update Homebrew.
BSD 2-Clause "Simplified" License
968 stars, 54 forks

Generate help command output for readme with github action #135

Open swissbuechi opened 2 months ago

swissbuechi commented 2 months ago

Initial PR: https://github.com/DomT4/homebrew-autoupdate/pull/114

Please take a look at all the comments and tests from the initial PR

Related PR which could be solved by merging this PR: https://github.com/DomT4/homebrew-autoupdate/pull/134

DomT4 commented 1 month ago

Forgive the naivety - I've not used GitHub actions much. Where is the robot getting its permissions from to update files? Is there any exploit mechanism with that that someone could use nefariously or is it locked down?

swissbuechi commented 1 month ago

> Forgive the naivety - I've not used GitHub actions much. Where is the robot getting its permissions from to update files? Is there any exploit mechanism with that that someone could use nefariously or is it locked down?

It's using the "managed identity" of the GitHub Action to authenticate automatically via Git.

It has a permissions block where I specified that the $GH_TOKEN, which is used by the action, has write access to the contents of the repository and therefore can make commits.

This is a common use case for a GitHub Action and I can't see any security problems.
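The mechanism described in the thread, as an added illustration rather than the PR's own workflow: the job-scoped `GITHUB_TOKEN` is granted only `contents: write`, `actions/checkout` persists it as the Git credential, and the bot commits only when the generated file actually changed. The trigger paths, the generation command and the output file name are assumptions.

```yaml
# Added example, not the workflow from the PR. Assumed: the help text is
# regenerated by `brew autoupdate help` and written into README.md.
name: Generate help output for README

on:
  push:
    branches: [master]
    paths:
      - "cmd/**"      # assumed location of the command source

# Least privilege: whatever the repository-level default is, this workflow's
# GITHUB_TOKEN gets write access to repository contents only, which is all a
# commit needs. No issues, packages, id-token or other scopes are granted.
permissions:
  contents: write

jobs:
  update-readme:
    runs-on: macos-latest
    steps:
      # checkout stores the GITHUB_TOKEN as the git credential for this
      # repository, so the push below needs no long-lived secret.
      - uses: actions/checkout@v4

      - name: Install the tap and regenerate the help section
        run: |
          brew tap DomT4/autoupdate
          brew autoupdate help > HELP.txt        # assumed command and file
          # assumed helper that splices HELP.txt into README.md
          ./scripts/update-readme-help.sh HELP.txt README.md

      - name: Commit only if the generated file changed
        run: |
          if git diff --quiet -- README.md; then
            echo "README.md unchanged, nothing to commit"
            exit 0
          fi
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add README.md
          git commit -m "Regenerate help output in README"
          git push
```

Two properties worth knowing when reviewing this: pushes made with `GITHUB_TOKEN` do not trigger further workflow runs, so the bot cannot loop on its own commit, and on `pull_request` runs from forks the token is read-only regardless of the `permissions` block, so untrusted PRs cannot use this workflow to write to the repository.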