mirror of
https://github.com/systemd/systemd
synced 2024-07-22 02:34:54 +00:00
4dab1eb952
Due to the limitation of `GITHUB_TOKEN` when running workflows from forks, it's required to split the `development_freeze` workflow in two. * First workflow will run on the `pull_request` trigger and save the PR number in the artifact. This workflow is running with read-only permissions on `GITHUB_TOKEN`. * Second workflow will get triggered on `workflow_run`. It will be run directly in the `systemd/systemd` context and can get permission to be able to create comments on PR. GITHUB_TOKEN limitations: * https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token GitHub Security Labs Article - How to correctly and safely overcome GITHUB_TOKEN limitations: * https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ |
||
|---|---|---|
| .. | ||
| codeql-queries | ||
| ISSUE_TEMPLATE | ||
| workflows | ||
| advanced-issue-labeler.yml | ||
| codeql-config.yml | ||
| codeql-custom.qls | ||
| dependabot.yml | ||
| development-freeze.yml | ||
| FUNDING.yml | ||
| labeler.yml | ||