Comments (4)
michaelbeaumont
commented on June 14, 2024
1
Yeah we've struggled with this, it's a pretty nasty shortcoming IMO. Ultimately I suppose there needs to be a step built into github like "trust this PR". Nothing related appears on the roadmap unfortunately.
from go-git-providers.
stefanprodan
commented on June 14, 2024
1
This could help https://twitter.com/hamelhusain/status/1294307330096394241?s=21
from go-git-providers.
michaelbeaumont
commented on June 14, 2024
Nice, this actually solves the problems I was having straight away, I only wanted to merge PRs so didn't need the fork code at all.
It looks like with pull_request_target the base branch workflow is run with base branch code. However, I think by writing a workflow that first, for example, checks for a comment or a label on the PR, i.e. the trust step, and then checks out the fork code, it can be used to run tests with secrets too.
from go-git-providers.
paulcarlton-ww
commented on June 14, 2024
From my reading of the docs pull_request_target seems to make it run the tests against head of the base repo rather than the PR? This prevents malicious code being run but does not test the PR changes, which seems to defeat the point of the workflow.
from go-git-providers.
Related Issues (20)
- Add bitbucket stash support
- Incorrect error message on `OrgRepositories().Reconcile()` for GitLab
- [Feature Request] Add a custom ca cert ClientOption
- Custom domains on gitlab provider do not work
- Deleting files in gitlab does not work
- Add option to get content from all directories recursively HOT 5
- Set up integration tests to run against an self-hosted Gitlab instance
- Gitea Support
- Gitlab Tree client implementation doesn't support pagination
- Add API for editing pull requests
- Azure DevOps Support HOT 2
- gitlab supportedDomain modifies the domain name and returns an url
- cannot get use repository for gitlab enterprise due to domain and client base url seems to be incorrectly configured / used
- Support sub-groups and sub-sub-groups on gitlab
- Support using HTTP proxies for connecting to provider APIs HOT 1
- Use Ginkgo v2 for e2e tests
- Make logger optional in Stash client
- `GetCloneURL` returns the wrong url if `UserRef.UserLogin` is incorrect HOT 1
- Gitea e2e tests failing with `latest`
- Add unit tests to e2e test suite
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-git-providers.