Merge pull request #813 from thomasnordquist/chore/dont-use-pull-request-target-for-untrusted-code
dont use pull_request_target as it opens the repo for pwnage..
This commit is contained in:
Björn Dalfors
2
.github/workflows/tests.yml
vendored
2
.github/workflows/tests.yml
vendored
@@ -12,8 +12,6 @@ jobs:
|
|||||||
options: --user root
|
options: --user root
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
with:
|
|
||||||
ref: '${{ github.event.pull_request.merge_commit_sha }}' # since event is pull_request_target
|
|
||||||
- name: Install Packages
|
- name: Install Packages
|
||||||
run: yarn install --frozen-lockfile
|
run: yarn install --frozen-lockfile
|
||||||
- name: Build
|
- name: Build
|
||||||
|
|||||||
Reference in New Issue
Block a user