Compare commits

...

4 Commits

Author SHA1 Message Date
rizwangourysk
04fb1c8e5d
Merge 7a020261fa into 9c091bb21b 2026-06-21 00:25:41 +09:00
Aiqiao Yan
9c091bb21b
update error wording (#2467) 2026-06-17 13:51:53 -04:00
rizwangourysk
7a020261fa added workflow 2026-03-26 15:45:27 +05:30
rizwangourysk
bd5c14db95 added changes 2026-03-26 14:56:46 +05:30
3 changed files with 29 additions and 6 deletions

6
dist/index.js vendored
View File

@ -42023,9 +42023,9 @@ function assertSafePrCheckout(input) {
throw new Error(`Refusing to check out fork pull request code from a '${eventName}' workflow. ` +
`This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` +
`cache scope, and runner access. Fetching and executing a fork's code in that trusted ` +
`context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` +
`the risks at https://gh.io/securely-using-pull_request_target, set ` +
`'allow-unsafe-pr-checkout: true' on the actions/checkout step.`);
`context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks ` +
`at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' ` +
`on the actions/checkout step.`);
}
function pushIfSha(target, value) {
if (typeof value === 'string' && value.length > 0) {

23
pr.yaml Normal file
View File

@ -0,0 +1,23 @@
---
# This workflow will execute on pull request to dev branch
name: pr-workflow
on:
pull_request:
branches:
- dev
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: get the code
uses: actions/checkout@v6
- name: compile the code
run: mvn compile
- name: test the code
run: mvn test
- name: create the package
run: mvn package

View File

@ -75,9 +75,9 @@ export function assertSafePrCheckout(input: IUnsafePrCheckoutInput): void {
`Refusing to check out fork pull request code from a '${eventName}' workflow. ` +
`This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` +
`cache scope, and runner access. Fetching and executing a fork's code in that trusted ` +
`context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` +
`the risks at https://gh.io/securely-using-pull_request_target, set ` +
`'allow-unsafe-pr-checkout: true' on the actions/checkout step.`
`context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks ` +
`at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' ` +
`on the actions/checkout step.`
)
}