Skip to content

Commit

Permalink
github: Fix checklist action
Browse files Browse the repository at this point in the history 
Workflows triggered by the 'pull_request' event can't have write
permissions. With write permissions a malicious pull request can alter
or create a workflow that either leaks the GITHUB_TOKEN with the write
permissions or do malicious things in the workflow itself.

The 'pull_request_target' event on the other hand allows workflows to
run with write permissions but runs on the merge base of the PR, this
way a pull request that alters such a workflow will not have it's code
run until it's merged.

Signed-off-by: Ahmad Khalifa <[email protected]>
  • Loading branch information
@VexedUXR
VexedUXR committed Jan 25, 2025
1 parent 46a9fb7 commit 984dff3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/checklist.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ name: Checklist
# for the submission to align with CONTRIBUTING.md

on:
pull_request:
pull_request_target:
types: [ opened, reopened, edited, synchronize ]

permissions:
Expand Down

0 comments on commit 984dff3

Please sign in to comment.