search

luizm / action-sh-checker

A GitHub action that performs static analysis for shell scripts using shellcheck, shfmt and checkbashisms.
MIT License
132 stars 12 forks source link

feat: enable comments for pull_request_target event #57

Closed adonis0147 closed 1 month ago

adonis0147 commented 2 years ago

Currently, the action comments the pull requests only when it is triggered by pull_request event (See L205).

However, according to the article Keeping your GitHub Actions and workflows secure, the workflow has read-only permissions when it is triggered by pull_request event and it may fail and get the following errors.

Commenting on the pull request
{
  "message": "Resource not accessible by integration",
  "documentation_url": "https://docs.github.com/rest/reference/issues#create-an-issue-comment"
}

This pr enables the action to comment the pull requests when it is triggered by pull_request_target which has write permissions and fixes the above the errors.

josegonzalez commented 1 month ago

@luizm bump :)

luizm commented 1 month ago

Sorry for two year dalay, could you test if it is working as you expected?

adonis0147 commented 4 weeks ago

Sorry for two year dalay, could you test if it is working as you expected?

Hi @luizm , thanks for merging this PR. The modification in our project has been working well for a while.