Open ST-DDT opened 2 weeks ago
The current run-nothing example is safe, but running anything in there that uses the source code is dangerous as it uses elevated permissions. I'll recommend rewriting the example or raising awareness by adding a comment.
https://github.com/shawakash/payBox/blob/88f24b6a14bad6fc0fc6ec34c3432347497b511e/.github/workflows/pr.yml#L18-L19 https://github.com/shawakash/payBox/blob/88f24b6a14bad6fc0fc6ec34c3432347497b511e/.github/workflows/pr.yml#L24-L25
The current run-nothing example is safe, but running anything in there that uses the source code is dangerous as it uses elevated permissions. I'll recommend rewriting the example or raising awareness by adding a comment.
https://github.com/shawakash/payBox/blob/88f24b6a14bad6fc0fc6ec34c3432347497b511e/.github/workflows/pr.yml#L18-L19 https://github.com/shawakash/payBox/blob/88f24b6a14bad6fc0fc6ec34c3432347497b511e/.github/workflows/pr.yml#L24-L25