Fix potential github action smells #8075
Conversation
|
This is interesting, but why would you not want to run regular jobs/actions in a fork? @ceddy4395 |
| @@ -8,6 +8,8 @@ on: | |||
| jobs: | |||
| cleanup: | |||
| runs-on: ubuntu-latest | |||
| permissions: | |||
| actions: write | |||
There was a problem hiding this comment.
This makes sure that the workflow cannot make any other changes than alter anything related to GitHub Actions.
For security purposes, it is generally recommended to only give workflows the minimal possible permissions to a repository.
@detunjiSamuel The idea is not to eliminate all workflows from forks but only the ones which do some sort of releasing. In your case the fork will not have access to the correct secrets when logging into Docker Hub and will thus fail by default. Therefore, it's more ideal to just prevent the whole workflow from running. |
- Stop running workflows when there is a newer commit in PR - Prevent running issue/PR actions on forks line - Avoid deploying jobs on forks
ceddy4395
force-pushed
the
cicd-fix-gha-smells
branch
from
3791a61
to
9e6b44b
Compare
What does this PR do?
Hey! 馃檪
I want to contribute the following changes to your workflow:
(These changes are part of a research Study at TU Delft looking at GitHub Action Smells. Find out more)
Test Plan
(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work. Screenshots may also be helpful.)
Related PRs and Issues
Checklist