contentauth / c2pa-js

JavaScript SDK for displaying and validating C2PA data
https://opensource.contentauthenticity.org
MIT License

Update GitHub Actions to secure pull request workflows from forks #13

Open dkozma opened 2 years ago

dkozma commented 2 years ago

Right now, secrets are not shared for forks on GitHub Actions, which is breaking pull request validations on forked repos. For now, we will be making branches on the local repo; however, we should be using the pull_request_target workflow and conditionally running actions, as discussed here: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
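
One way to gate a `pull_request_target` workflow as the comment above proposes, shown as an added example that is not part of the original issue or the c2pa-js repository. The label name `safe to test`, the secret `EXAMPLE_TEST_TOKEN`, the Node version and the npm commands are assumptions chosen for illustration.

```yaml
# Added example, not the project's workflow. Assumed names: the label
# "safe to test", the secret EXAMPLE_TEST_TOKEN, and the npm commands.
name: PR validation

on:
  pull_request_target:
    types: [opened, synchronize, reopened, labeled]

# Start from a read-only GITHUB_TOKEN; widen per job only if required.
permissions:
  contents: read

jobs:
  validate:
    runs-on: ubuntu-latest
    # Branches in this repository run on every event. Fork PRs run only on
    # the "labeled" event itself, so a push made after approval does not
    # inherit the earlier review: a maintainer has to label the PR again.
    if: >-
      github.event.pull_request.head.repo.full_name == github.repository ||
      (github.event.action == 'labeled' &&
       github.event.label.name == 'safe to test')
    steps:
      - uses: actions/checkout@v4
        with:
          # pull_request_target checks out the base branch by default;
          # pin to the exact PR commit that the maintainer reviewed.
          ref: ${{ github.event.pull_request.head.sha }}
          # Keep the token out of .git/config, where PR scripts could read it.
          persist-credentials: false

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      # Install with lifecycle scripts disabled and no secret in scope.
      - run: npm ci --ignore-scripts

      # Only this step sees the secret, and only after the gate above passed.
      - run: npm test
        env:
          EXAMPLE_TEST_TOKEN: ${{ secrets.EXAMPLE_TEST_TOKEN }}
```

Because the gate keys on the `labeled` event, the label has to be removed and applied again to approve a later commit from the same fork.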

crandmck commented 1 year ago

@adobe export issue to Jira project CAI

github-jira-sync-bot commented 1 year ago

:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/CAI-3376 is successfully created for this GitHub issue.