Closed DistributedDoge closed 8 months ago
Effects of recent PR:
master
branch of host repo, not the branch PR is trying to merge.Solution is to modify checkout
step to explicitly specify which branch we want to run our code on.
:rocket: Nice digging, nice PRing!
I think root of the problem when merging #27 was this, and now that repository is using secrets, it may also affect all future pull requests:
Looking online, I see suggestions that replacing
pull_request
withpull_request_target
might give the Github CI runner access to secrets of host (i.e. this) repository when a pull request is made.EDIT: Might also need some changes to @.checkout step to make sure we execute the code that is supplied inside pull request.
The downside of allowing secrets in pull requests, malicious PRs, is partially mitigated by
GitHub Actions: Maintainers must approve first time contributor workflow runs
.EDIT: Two posssible alternatives
CI
workflow.CI
, then it won't need secrets