Comments (5)
Great! Yeah, it worked. For the record, I didn't need to allow explicitly the workflow to be run, it did it automatically. Thanks for the help!
from repo-lockdown.
Thanks for the bug report! I've also tested with my own pull requests only during development, but that breaks down during normal use, because the pull requests you want to avoid are created by untrusted users, so workflows triggered by the pull_request
event will get read-only tokens from GitHub.
The fix is to replace the pull_request
event with pull_request_target
in your workflow file, so that the workflow run can get write access to pull requests. Using this event is safe with the standalone example workflows from the README, but should not be combined with other actions that check out the pull request code or otherwise touch the changes.
https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target
Recent changes on GitHub regarding workflow run approvals may also complicate things, but I'm not sure if that also applies to workflows triggered by the pull_request_target
event.
https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks
from repo-lockdown.
Thanks for the quick response! I have updated the target in my repository. I already saw the new GitHub thing about approving workflow runs from public forks, and I have to admit that I was pretty confused. There's an easy way to check if pull_request_target
works with this feature, tough; open a dummy pull request in my repository and let's see what happens.
PS: Maybe this pull_request
vs pull_request_target
issue should be detailed in the README (maybe it is, but I just didn't see it?)
from repo-lockdown.
Yes, I've left the issue open because I plan to make some changes to the documentation. It seems to work now 😋: Dr-Noob/cpufetch#105
from repo-lockdown.
Fixed in 20caf22. I couldn't trigger workflow approvals either with this event.
from repo-lockdown.
Related Issues (9)
- https://github.com/apps/repo-lockdown isn't working HOT 3
- How to install on a different GitHub? HOT 2
- Does it work for single branch or the whole repository? HOT 2
- Comment only on open pull requests and issues, not closed ones HOT 11
- Deprecation message for legacy app
- Org-wide config? HOT 3
- Node.js 12 actions are deprecated; The `set-output` command is deprecated HOT 1
- feat: exclude lockdown by user HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from repo-lockdown.