Closed JakeChampion closed 3 years ago
o-grid bundle size difference from 5.2.10 to 29b83e5cc54db9785e81fe116b4b18a752c2f0f1 No significant bundle size differences found.
o-grid bundle size difference from 5.2.10 to 8705e70fdf0ef55e01148a7d7bb1887cc1ea3f7f No significant bundle size differences found.
o-grid bundle size difference from 5.2.10 to 7ee0b3965315b8be99df7847c0dda535f75090da No significant bundle size differences found.
o-grid bundle size difference from 5.2.10 to 2bd054e57feefde0238e46eae79678c4a639e4d4 No significant bundle size differences found.
o-grid bundle size difference from 5.2.10 to 36dffc63217a3ccbcdc8a13c9d92d4a6e6f864be No significant bundle size differences found.
We have workflows that currently fail to run correctly for pull-requests from forks or pull-requests from dependabot. The reason is because those workflows are being triggered by the 'pull_request' event, which does will use a restricted github api token for pull-requests from forks or dependabot for security reasons.
For our workflows which are 'safe' (meaning they do not checkout the code or execute the code in the repository), we can change their trigger from 'pull_request' to 'pull_request_target', which uses a github api token with more permissions, specifically it has permission to read/use secrets, which are the things are workflows require.
Our workflows are safe, they do not checkout or execute the code from the repository, so we should change to using
pull_request_target
to make our workflows work for dependabot and pull-requests from forks.