mirror of
https://github.com/opnsense/src.git
synced 2026-06-10 09:11:07 -04:00
Workflows triggered by the 'pull_request' event can't have write permissions. With write permissions a malicious pull request can alter or create a workflow that either leaks the GITHUB_TOKEN with the write permissions or does malicious things in the workflow itself. The 'pull_request_target' event on the other hand allows workflows to run with write permissions but runs on the merge base of the PR; this way a pull request that alters such a workflow will not have its code run until it's merged.

Signed-off-by: Ahmad Khalifa <ahmadkhalifa570@gmail.com>
Reviewed by: imp, emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/1581

| Name |
|---|
| .. |
| PULL_REQUEST_TEMPLATE |
| workflows |
| CODEOWNERS |