github: Fix checklist action
Workflows triggered by the 'pull_request' event can't have write permissions. With write permissions a malicious pull request can alter or create a workflow that either leaks the GITHUB_TOKEN with the write permissions or does malicious things in the workflow itself. The 'pull_request_target' event on the other hand allows workflows to run with write permissions but runs on the merge base of the PR; this way a pull request that alters such a workflow will not have its code run until it's merged.

Signed-off-by: Ahmad Khalifa <ahmadkhalifa570@gmail.com>
Reviewed by: imp, emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/1581
committed by Warner Losh
parent 12968503b8
commit 8528d7e4f6
@@ -4,7 +4,7 @@ name: Checklist
|
||||
# for the submission to align with CONTRIBUTING.md
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
pull_request_target:
|
||||
types: [ opened, reopened, edited, synchronize ]
|
||||
|
||||
permissions:
|
||||
|
||||
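Review bot: the switch to `pull_request_target:` in the `on:` block should carry a comment stating the constraint that keeps it safe. The job now runs with a write-capable GITHUB_TOKEN on events (`opened, reopened, edited, synchronize`) that any contributor can trigger, so its steps must never check out or execute the pull request's head ref, and must treat the PR title, body and branch name as untrusted input. The steps are not visible in this hunk, so please confirm that before merging, and keep the `permissions:` block that follows limited to the write scope the checklist actually needs. A one-line comment above the trigger, for example `# pull_request_target: runs base-branch code with a write token; never check out the PR head here`, would keep a later edit from reintroducing the problem the commit message describes.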