Open jeffmaury opened 3 years ago
See this from GitHub security team: https://securitylab.github.com/research/github-actions-preventing-pwn-requests
@gsmet wdyt? Should we have the GitHub bot add a "preview" label on PRs that only touch non-yml content, and otherwise require a "preview" label for this to run, to avoid this issue?
https://github.com/quarkusio/quarkusio.github.io/blob/89aa226c7f6b474a614806f542cc413eb5a34b20/.github/workflows/preview.yml#L4
Would allow someone to submit a PR that dumps all secrets in the run log
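
One way the bot-side check proposed in this thread could decide whether to apply the "preview" label automatically, written as an added example that is not part of the original discussion or of the Quarkus bot's code. It assumes entries shaped like the GitHub REST "list pull request files" response (`filename`, `previous_filename`); the function names and sample paths are hypothetical and constructed.

```python
# Added example: decide whether a bot may auto-apply the "preview" label.
# Rule from the thread: auto-label only PRs that touch non-yml content;
# anything else waits for a maintainer to add the label by hand.

# Assumption: ".yaml" is treated like ".yml", since both extensions are
# accepted for workflow and data files.
YAML_SUFFIXES = (".yml", ".yaml")


def is_yaml(path: str) -> bool:
    """Case-insensitive extension check, so 'Deploy.YML' is caught too."""
    return path.lower().endswith(YAML_SUFFIXES)


def can_auto_label(changed_files) -> bool:
    """Return True only if every changed path is non-yml content.

    Fails closed: an empty or malformed file list returns False, so the
    preview run stays gated behind a manually applied label.
    """
    if not changed_files:
        return False
    for entry in changed_files:
        paths = [entry.get("filename", "")]
        # A rename away from a .yml path still modifies yml content,
        # so the old name is checked as well as the new one.
        if entry.get("previous_filename"):
            paths.append(entry["previous_filename"])
        if any(not p or is_yaml(p) for p in paths):
            return False
    return True


# Constructed sample inputs (not taken from any real pull request).
DOCS_ONLY_PR = [
    {"filename": "_posts/2021-01-01-example.adoc", "status": "added"},
    {"filename": "assets/images/example.png", "status": "added"},
]
WORKFLOW_PR = [
    {"filename": "_posts/2021-01-01-example.adoc", "status": "added"},
    {"filename": ".github/workflows/preview.yml", "status": "modified"},
]
RENAME_PR = [
    {"filename": "notes.txt", "status": "renamed",
     "previous_filename": "_data/versions.yaml"},
]

if __name__ == "__main__":
    for name, pr in [("docs", DOCS_ONLY_PR), ("workflow", WORKFLOW_PR),
                     ("rename", RENAME_PR)]:
        print(name, "auto-label" if can_auto_label(pr) else "manual label")
```

The label check alone does not make the run safe if a label applied once stays valid for later pushes to the same PR, so the bot would also need to remove the label when new commits arrive.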