The github action to publish the comment runs on the develop branch and not on the pr to protect from external forks PR's the secrets and other configurations (to comment on the PR the action needs write and read permissions, which are dangerous to give to a fork from an external repository).
github-actions[bot]
commented
6 months ago
FTR
Limeapp automatic preview builds.
Now when a PR is marked with the Labels "artifact", an additional GH action will run to upload a built version of the limeapp on GH.
This artifact will store the PR number, to on posterior publish a GH comment on the PR with the artifacts url.
Example:
https://github.com/libremesh/lime-app/pull/398#issuecomment-1939264412
The github action to publish the comment runs on the develop branch and not on the pr to protect from external forks PR's the secrets and other configurations (to comment on the PR the action needs write and read permissions, which are dangerous to give to a fork from an external repository).
Further reading
Keeping your GitHub Actions and workflows secure
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
https://glasnt.com/blog/pull_request_target_labels/
Workflow run docs
https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run https://docs.github.com/en/webhooks/webhook-events-and-payloads#workflow_run