AFAIK, users can change their GH handle, but there's an int identifier that is immutable and guaranteed to be unique.
@aktech - how does cirun perform the check? Just string comparison? Or do we check the IDs anywhere? I assume we would have to include the id in the JSON to actually ensure that it's the trigger username is the same account that was enabled via PR, and not another that took over. Quite the edge case, I know, but just wondering.
AFAIK, users can change their GH handle, but there's an
intidentifier that is immutable and guaranteed to be unique.@aktech - how does cirun perform the check? Just string comparison? Or do we check the IDs anywhere? I assume we would have to include the id in the JSON to actually ensure that it's the trigger username is the same account that was enabled via PR, and not another that took over. Quite the edge case, I know, but just wondering.