releaser-pleaser

mirror of https://github.com/apricote/releaser-pleaser.git synced 2026-01-13 21:21:03 +00:00

History

Julian Tölle 2567f0ae8b ci: run on pr updates from main branch (#30 ) With `pull_request`, we run in the context of the pull request branch. - This means we run with the code from the PR branch, possibly breaking the current release PR for this repo with in-progress, unreviewed changes. - This means that the secret is not available on Pull Requests from forks. Switching to `pull_request_target` means we always run in the scope of the original repository. The secret is available and the code is checked out from our main branch. `pull_request_target` has security considerations, but they do not apply here as we do not check out or run code from the (external, malicious) PR.	2024-08-25 17:16:43 +02:00
..
workflows	ci: run on pr updates from main branch (#30 )	2024-08-25 17:16:43 +02:00

ci: run on pr updates from main branch (#30 )

With `pull_request`, we run in the context of the pull request branch.

- This means we run with the code from the PR branch, possibly breaking
  the current release PR for this repo with in-progress, unreviewed changes.
- This means that the secret is not available on Pull Requests from
  forks.

Switching to `pull_request_target` means we always run in the scope of
the original repository. The secret is available and the code is checked
out from our main branch.

`pull_request_target` has security considerations, but they do not apply
here as we do not check out or run code from the (external, malicious) PR.

2024-08-25 17:16:43 +02:00

workflows

ci: run on pr updates from main branch (#30 )

2024-08-25 17:16:43 +02:00