Fix potential github action smells #8075
This is interesting, but why would you not want to run regular jobs/actions in a fork? @ceddy4395
@@ -8,6 +8,8 @@ on: | |||
jobs: | |||
cleanup: | |||
runs-on: ubuntu-latest | |||
permissions: | |||
actions: write |
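Review bot: the `permissions:` block added under `cleanup` has no comment saying why `actions: write` is needed, so a reader cannot tell which step depends on it; add a one-line YAML comment above `actions: write` naming the operation that requires it. Also note that a job-level `permissions` block sets every scope it does not list to `none`, so confirm that the steps of `cleanup`, which are not visible in this hunk, need nothing else (for example `contents: read` if the job checks out the repository).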
What does this do?
This makes sure that the workflow cannot make any other changes than alter anything related to GitHub Actions.
For security purposes, it is generally recommended to only give workflows the minimal possible permissions to a repository.
@detunjiSamuel The idea is not to eliminate all workflows from forks but only the ones which do some sort of releasing. In your case the fork will not have access to the correct secrets when logging into Docker Hub and will thus fail by default. Therefore, it's more ideal to just prevent the whole workflow from running.
- Stop running workflows when there is a newer commit in PR
- Prevent running issue/PR actions on forks line
- Avoid deploying jobs on forks
3791a61 to 9e6b44b
What does this PR do?
Hey! 🙂
I want to contribute the following changes to your workflow:
(These changes are part of a research study at TU Delft looking at GitHub Action Smells. Find out more)
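The three changes named in the commit message (cancel superseded PR runs, skip releasing jobs on forks, least-privilege token permissions) can be seen together in one workflow. This is an added example, not a file from this repository or this PR; `OWNER/REPO`, the workflow and job names other than `cleanup`, and all step contents are placeholders.

```yaml
# Added example: constructed workflow, not taken from the project.
# OWNER/REPO and every step body below are placeholders.
name: release-image

on:
  push:
    branches: [main]
  pull_request:

# Workflow-wide default: the GITHUB_TOKEN is read-only unless a job widens it.
permissions:
  contents: read

# Runs for the same workflow and ref share a group. For pull requests, a newer
# commit cancels the run still in progress; pushes to main are left to finish.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
  test:
    # Ordinary CI still runs everywhere, including forks.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "run the test suite here"   # placeholder step

  publish:
    # Releasing job: skipped in forks, which do not hold the registry secrets
    # and would fail at login anyway, and skipped for pull requests.
    if: github.repository == 'OWNER/REPO' && github.event_name == 'push'
    needs: test
    runs-on: ubuntu-latest
    permissions:
      contents: read   # a job-level block replaces the default; unlisted scopes are none
    steps:
      - uses: actions/checkout@v4
      - run: echo "log in to the registry and push the image here"   # placeholder step

  cleanup:
    if: github.repository == 'OWNER/REPO'
    runs-on: ubuntu-latest
    permissions:
      actions: write   # the only scope this job's token receives
    steps:
      - run: echo "remove old workflow runs here"   # placeholder step
```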