github: Fix checklist action

Workflows triggered by the 'pull_request' event can't have write
permissions. With write permissions a malicious pull request can alter
or create a workflow that either leaks the GITHUB_TOKEN with the write
permissions or does malicious things in the workflow itself.

The 'pull_request_target' event on the other hand allows workflows to
run with write permissions but runs on the merge base of the PR, this
way a pull request that alters such a workflow will not have its code
run until it's merged.

Signed-off-by: Ahmad Khalifa <ahmadkhalifa570@gmail.com>
Reviewed by: imp, emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/1581
Ahmad Khalifa
2025-01-25 18:59:19 +02:00
committed by Warner Losh
parent 12968503b8
commit 8528d7e4f6
+1 -1
@@ -4,7 +4,7 @@ name: Checklist
# for the submission to align with CONTRIBUTING.md
on:
pull_request:
pull_request_target:
types: [ opened, reopened, edited, synchronize ]
permissions:
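Review bot: at the `pull_request_target:` trigger, nothing in the workflow file records the constraint that makes this switch safe. The job now runs base-branch code with a write-capable token for PRs from forks, so it must never check out or execute the PR head. Because `edited` is in `types`, the PR title and body are untrusted input and should not be interpolated into shell steps. Please add a comment above `on:` stating this, so a later change does not add a checkout of the PR ref. Also confirm that the `permissions:` block that follows (its contents are not visible in this hunk) grants only what the checklist needs.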