floraachy
/
pytest2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ci: Security improvements

This commit is contained in:
Florian Bruhin 2022-01-03 14:54:02 +01:00
parent 9008144b9c
commit 817806a65e
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/backport.yml vendored
View File

@ -1,6 +1,12 @@
name: backport name: backport
on: on:
# Note that `pull_request_target` has security implications:
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# In particular:
# - Only allow triggers that can be used only be trusted users
# - Don't execute any code from the target branch
# - Don't use cache
pull_request_target: pull_request_target:
types: [labeled] types: [labeled]
@ -9,7 +15,7 @@ permissions: {}
jobs: jobs:
backport: backport:
if: ${{ startsWith(github.event.label.name, 'backport ') }} if: startsWith(github.event.label.name, 'backport ') && github.event.pull_request.merged
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: write contents: write