Change workflow preview env to pull_request_target (#11810)
It didn't work with external contributors
This commit is contained in:
9
.github/workflows/preview-env-dispatch.yaml
vendored
9
.github/workflows/preview-env-dispatch.yaml
vendored
@ -1,13 +1,20 @@
|
|||||||
name: 'Preview Environment Dispatch'
|
name: 'Preview Environment Dispatch'
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
# Using pull_request_target instead of pull_request to have access to secrets for external contributors
|
||||||
|
# Security note: This is safe because we're only using the repository-dispatch action with limited scope
|
||||||
|
# and not checking out or running any code from the external contributor's PR
|
||||||
|
pull_request_target:
|
||||||
types: [opened, synchronize, reopened, labeled]
|
types: [opened, synchronize, reopened, labeled]
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
group: ${{ github.workflow }}-${{ github.ref }}
|
group: ${{ github.workflow }}-${{ github.ref }}
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
actions: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
changed-files-check:
|
changed-files-check:
|
||||||
uses: ./.github/workflows/changed-files.yaml
|
uses: ./.github/workflows/changed-files.yaml
|
||||||
|
|||||||
Reference in New Issue
Block a user