diff options
| author | Harsh Shandilya <me@msfjarvis.dev> | 2020-12-22 00:32:56 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-22 14:02:56 +0530 |
| commit | 3c85930e6ff311a892ee3e9a59292beb34845113 (patch) | |
| tree | 3b77958a36c3589c37076baf413b7215486258d8 /.github | |
| parent | 37c8b416d5ed657e89878b5f28394fa4640294e9 (diff) | |
Switch back to pull_request to mitigate security issue (#1257)
According to advisory GHSL-2020-367 the changes I made to support pull_request_target make this repository vulnerable to attacks from any malicious forker
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/pull_request.yml | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 9aea7157..167da563 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -1,4 +1,4 @@ -on: [pull_request_target] +on: [pull_request] name: Check pull request jobs: @@ -9,8 +9,8 @@ jobs: api-level: [23, 29] steps: - - name: Auto-cancel redundant workflow run - uses: technote-space/auto-cancel-redundant-workflow@f9dfa1c127a520e4d71b92892850f861fb861206 + #- name: Auto-cancel redundant workflow run + # uses: technote-space/auto-cancel-redundant-workflow@f9dfa1c127a520e4d71b92892850f861fb861206 - name: Check if relevant files have changed uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9 @@ -31,8 +31,8 @@ jobs: - name: Checkout repository if: ${{ steps.service-changed.outputs.result == 'true' }} uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - with: - ref: refs/pull/${{ github.event.pull_request.number }}/merge + #with: + # ref: refs/pull/${{ github.event.pull_request.number }}/merge - name: Copy CI gradle.properties if: ${{ steps.service-changed.outputs.result == 'true' }} |