Closed manno closed 4 years ago
This is more complicated than I thought:
pull-request-target makes sure the workflow definition is from the repo, but secrets might still be exposed to code from the fork.
While the previous workflow looks safe in that regard, it would trigger tests twice if any label was on a local, approved PR.
The duplicated workflow makes sure to check out the forked code.
#175030373
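
A sketch of the kind of label-gated workflow the description above is about, added here as an example and not taken from this PR or repository. It uses the `pull_request_target` event; the label name `ok-to-test`, the workflow name and the `make test` command are assumptions.

```yaml
# Added example, not this repository's workflow.
# "ok-to-test" and "make test" are hypothetical placeholders.
name: fork-pr-tests
on:
  pull_request_target:
    types: [labeled]

# Code from the fork runs in this job, so the token is read-only.
permissions:
  contents: read

jobs:
  test:
    # Run only for labelled PRs that come from a fork. PRs from branches
    # in this repository are left to the regular pull_request workflow,
    # so a label on a local PR does not start the tests a second time.
    if: >-
      github.event.label.name == 'ok-to-test' &&
      github.event.pull_request.head.repo.full_name != github.repository
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # pull_request_target checks out the base branch by default;
          # the fork's commit has to be requested explicitly.
          ref: ${{ github.event.pull_request.head.sha }}
          # Keep the token out of .git/config, where fork code could read it.
          persist-credentials: false
      # No `env:` entries with secrets: every step below executes fork code.
      - run: make test
```

The workflow file itself is read from the base repository, but once the fork's commit is checked out, any secret or write-scoped token made available to the job is readable by the fork's build and test scripts.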