beenull/themes-wordpress
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use pull_request_target to avoid token restriction (#7771)

Browse source 
Due to restrictions imposed to the `GH_TOKEN` when forks are created
from forks when workflows are triggered by the pull_request event, I'm
switching the execution to be done on `pull_request_trigger`, which
lifts said restrictions.

Docs: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target

> This event runs in the context of the base of the pull request, rather
than in the context of the merge commit, as the pull_request event does.
This prevents execution of unsafe code from the head of the pull request
that could alter your repository or steal any secrets you use in your
workflow. This event allows your workflow to do things like label or
comment on pull requests from forks. Avoid using this event if you need
to build or run code from the pull request.
This commit is contained in:
Vicente Canales 2024-04-26 11:04:50 -05:00 committed by GitHub
parent 42fede90d2
commit 3f87042114
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/preview-theme.yml vendored
View file

@ -1,7 +1,8 @@
name: Preview Theme Changes
on:
pull_request:
pull_request_target:
types: [opened, synchronize]
jobs:
check-for-changes-to-themes: