mirror of
https://code.forgejo.org/actions/checkout.git
synced 2026-07-09 04:50:18 +00:00
backport allow-unsafe-pr-checkout to v2 (#2504)
* block checking out fork pr for pull_request_target and workflow_run (#2454) * block checking out fork pr for some events * address copilot and reviewer feedback * run prettier formatting * build * update urls * update readme * update description and url again * edit url one more time * update error wording (#2467) * bump upload-artifact * rebuild
This commit is contained in:
parent
ee0669bd1c
commit
262cdb5f1c
11 changed files with 509 additions and 4 deletions
|
|
@ -110,6 +110,15 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
|
|||
# config --global --add safe.directory <path>`
|
||||
# Default: true
|
||||
set-safe-directory: ''
|
||||
|
||||
# Required to check out fork pull request code from a workflow triggered by
|
||||
# `pull_request_target` or `workflow_run`. These workflows run with the base
|
||||
# repository's GITHUB_TOKEN, secrets, default-branch cache scope, and runner
|
||||
# access; fetching and executing a fork's code in that trusted context commonly
|
||||
# leads to "pwn request" vulnerabilities. Set to `true` only after reviewing the
|
||||
# risks at https://gh.io/securely-using-pull_request_target.
|
||||
# Default: false
|
||||
allow-unsafe-pr-checkout: ''
|
||||
```
|
||||
<!-- end usage -->
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue