Skip to content

Commit

Permalink
Don't allow pushing images on forks
Browse files Browse the repository at this point in the history
  • Loading branch information
sgalsaleh committed Dec 13, 2023
1 parent 8a099ac commit 0f7545c
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions .github/workflows/build-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -409,7 +409,13 @@ jobs:
runs-on: ubuntu-20.04
needs: [ can-run-ci ]
steps:
# This workflow trigger may lead to malicious PR authors being able to obtain repository write permissions or stealing repository secrets.
# Please read https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# this action creates a branch based on remote branch and runs the tests
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}

- name: load environment variables from .image.env
uses: falti/dotenv-action@v1
Expand All @@ -427,7 +433,13 @@ jobs:
runs-on: ubuntu-20.04
needs: [ can-run-ci ]
steps:
# This workflow trigger may lead to malicious PR authors being able to obtain repository write permissions or stealing repository secrets.
# Please read https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# this action creates a branch based on remote branch and runs the tests
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}

- name: load environment variables from .image.env
uses: falti/dotenv-action@v1
Expand All @@ -445,7 +457,13 @@ jobs:
runs-on: ubuntu-20.04
needs: [ can-run-ci ]
steps:
# This workflow trigger may lead to malicious PR authors being able to obtain repository write permissions or stealing repository secrets.
# Please read https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# this action creates a branch based on remote branch and runs the tests
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}

- name: load environment variables from .image.env
uses: falti/dotenv-action@v1
Expand Down

0 comments on commit 0f7545c

Please sign in to comment.