Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adonay: add theme #7928

Closed
wants to merge 1 commit into from
Closed

Adonay: add theme #7928

wants to merge 1 commit into from

Conversation

beafialho
Copy link
Collaborator

@beafialho beafialho commented Jul 4, 2024
edited

Adonay is crafted for single page websites that want to leave a stunning and memorable first impression. It also provides post and page templates for those looking to customize and broaden their website's functionality. Adonay comes with 3 distinctive style variations and 12 vibrant color options.

screenshot

@beafialho beafialho changed the title Update theme adonay Adonay: add theme Jul 4, 2024
@beafialho
Copy link
Collaborator Author

@mikachan should I be concerned that this one and #7917, the PR's that add a theme via WP Playground have a ❌ for some checks?

@mikachan
Copy link
Member

mikachan commented Jul 4, 2024

should I be concerned that this one and #7917, the PR's that add a theme via WP Playground have a ❌ for some checks?

It's because these PRs are opened from a fork of this repo (https://github.com/beafialho/themes) rather than from a clone of the repo. I'm not sure how you specify opening the PR from a clone in Playground. @bgrgicak might be able to help here - would @beafialho need to delete her fork for Playground to know where to open these PRs from?

@bgrgicak
Copy link

bgrgicak commented Jul 5, 2024

I'm not sure how you specify opening the PR from a clone in Playground.

This is specified by the repository URL you provide in the form.

Instead of setting the URL to https://github.com/beafialho/themes, you could set it to https://github.com/Automattic/themes/.

The Preview Theme Changes step failed with RequestError [HttpError]: Resource not accessible by integration.
I'm not sure who built the integration, but it might be possible to add support for forks to the integration.

@beafialho
Copy link
Collaborator Author

https://github.com/Automattic/themes/ was the URL I set:

Captura de ecrã 2024-07-05, às 09 20 44

@bgrgicak
Copy link

bgrgicak commented Jul 5, 2024

Automattic/themes was the URL I set

Thank you! In that case, I would expect it to end up on Automattic/themes and not the fork.

Could you please open an issue for this?

@beafialho
Copy link
Collaborator Author

Yes, opening one now, thank you for your help!

This was referenced Jul 5, 2024
Open
Merged
@jasmussen
Copy link
Member

What's the next step for this PR? Do we wait for fixes in Playground, or should I make a copy of this PR to the repo rather than from a fork? I can do the latter, just want to be sure it's the next step.

@jasmussen jasmussen mentioned this pull request Jul 15, 2024
Closed
@beafialho
Copy link
Collaborator Author

I would love to launch this one so if there are no objections from @mikachan, it would be cool to make a copy of this PR to the repo.

@bgrgicak
Copy link

bgrgicak commented Jul 16, 2024
edited

What's the next step for this PR? Do we wait for fixes in Playground, or should I make a copy of this PR to the repo rather than from a fork? I can do the latter, just want to be sure it's the next step.

Please open a copy of the PR, I'm not sure when we will be able to work on GitHub export issues.

@jasmussen jasmussen mentioned this pull request Jul 16, 2024
Merged
@jasmussen
Copy link
Member

Created #7954 based on this.

@adamziel
Copy link
Contributor

@mikachan would there be anything wrong with using the pull_request_target: trigger instead of pull_request: in the preview-theme.yml workflow? This would make it work for PRs from forks.

@mikachan
Copy link
Member

mikachan commented Jul 17, 2024
edited

would there be anything wrong with using the pull_request_target: trigger instead of pull_request: in the preview-theme.yml workflow?

This is what we were using originally but unfortunately, we had to revert it as it caused security concerns: #7782.

@adamziel
Copy link
Contributor

adamziel commented Jul 31, 2024
edited

@mikachan @vcanales What specific security concerns were there, though? I understand that pull_request_target is more permissive, but would you be able to walk me through the steps how a malicious actor could exploit that in context of this specific automation?

@vcanales
Copy link
Member

@mikachan @vcanales What specific security concerns were there, though? I understand that pull_request_target is more permissive, but would you be able to walk me through the steps how a malicious actor could exploit that in context of this specific automation?

The problem was the implementation of the action, which used a script that a potential attacker could modify within a PR to extract secrets.

I've just finished a replacement for the action here: https://github.com/vcanales/action-wp-playground-pr-preview — I decided to put it on its own repo because it'll facilitate sharing the workflow between repos that are using it; currently, this one and WordPress/community-themes.

I need to write docs, polish, and publish it if necessary, but it's ready to use.

@vcanales vcanales mentioned this pull request Jul 31, 2024
Merged
@adamziel adamziel mentioned this pull request Aug 1, 2024
Open
@jasmussen
Copy link
Member

Should we close this one since #7954 is landed?

@alaczek
Copy link
Contributor

alaczek commented Aug 21, 2024

I'm closing this PR since it's not relevant anymore after #7954 was merged.

@alaczek alaczek closed this Aug 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Needs Author's Reply OSS Citizen
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@beafialho @mikachan @bgrgicak @jasmussen @adamziel @vcanales @alaczek