Disable insecure CI job

mDuo13
2021-11-15 13:01:44 -08:00
parent 13bc864a26
commit a57bbaf2a0


@@ -1,14 +1,16 @@
name: Link Checker (PR Build)
on:
# Note: this job runs with in-repo permissions so it can comment and commit
# on stuff in the repo even when the PR is coming from a PR. This means that
# it can, potentially, wreak havoc on the repository by running arbitrary
# code. Be sure to ONLY approve job runs AFTER you have confirmed that the
# commits in question do not contain malicious or suspicious code (especially
# to the .sh or .py files in the tool/ directory.)
pull_request_target:
types: [opened, edited, synchronize]
# Disabled. GitHub doesn't actually stop these jobs from running automatically
# even when they come from untrusted contributors, so this is insecure.
# on:
# # Note: this job runs with in-repo permissions so it can comment and commit
# # on stuff in the repo even when the PR is coming from a PR. This means that
# # it can, potentially, wreak havoc on the repository by running arbitrary
# # code. Be sure to ONLY approve job runs AFTER you have confirmed that the
# # commits in question do not contain malicious or suspicious code (especially
# # to the .sh or .py files in the tool/ directory.)
# pull_request_target:
# types: [opened, edited, synchronize]
jobs:
build: