tablet/terraform-provider-dokploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update GH Action 'add-content-to-project' to use 'pull_request_target' to allow access to project secrets (#18)

Browse Source
This commit is contained in:
Ivan De Marino 2022-03-10 15:22:40 +00:00 committed by GitHub
parent 2c9545cb57
commit 330e0883fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/add-content-to-project.yml vendored
View File

@ -5,9 +5,12 @@ name: "Add Issues/PRs to TF Provider DevEx team board"
on: on:
issues: issues:
types: [opened, reopened] types: [opened, reopened]
pull_request: pull_request_target:
# NOTE: The way content is added to project board is equivalent to an "upsert". # NOTE: The way content is added to project board is equivalent to an "upsert".
# Calling it multiple times will be idempotent. # Calling it multiple times will be idempotent.
#
# See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# to see the reasoning behind using `pull_request_target` instead of `pull_request`
types: [opened, reopened, ready_for_review] types: [opened, reopened, ready_for_review]
jobs: jobs: