Giter Site home page Giter Site logo

Comments (5)

Dr-Noob avatar Dr-Noob commented on May 24, 2024 1

Great! Yeah, it worked. For the record, I didn't need to allow explicitly the workflow to be run, it did it automatically. Thanks for the help!

from repo-lockdown.

dessant avatar dessant commented on May 24, 2024

Thanks for the bug report! I've also tested with my own pull requests only during development, but that breaks down during normal use, because the pull requests you want to avoid are created by untrusted users, so workflows triggered by the pull_request event will get read-only tokens from GitHub.

The fix is to replace the pull_request event with pull_request_target in your workflow file, so that the workflow run can get write access to pull requests. Using this event is safe with the standalone example workflows from the README, but should not be combined with other actions that check out the pull request code or otherwise touch the changes.

https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target

Recent changes on GitHub regarding workflow run approvals may also complicate things, but I'm not sure if that also applies to workflows triggered by the pull_request_target event.

https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks

from repo-lockdown.

Dr-Noob avatar Dr-Noob commented on May 24, 2024

Thanks for the quick response! I have updated the target in my repository. I already saw the new GitHub thing about approving workflow runs from public forks, and I have to admit that I was pretty confused. There's an easy way to check if pull_request_target works with this feature, tough; open a dummy pull request in my repository and let's see what happens.

PS: Maybe this pull_request vs pull_request_target issue should be detailed in the README (maybe it is, but I just didn't see it?)

from repo-lockdown.

dessant avatar dessant commented on May 24, 2024

Yes, I've left the issue open because I plan to make some changes to the documentation. It seems to work now 😋: Dr-Noob/cpufetch#105

from repo-lockdown.

dessant avatar dessant commented on May 24, 2024

Fixed in 20caf22. I couldn't trigger workflow approvals either with this event.

from repo-lockdown.

Related Issues (9)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.