Ability to override commit SHA #23
Labels
🍩 enhancement
New feature or request
👶 good first issue
Good for newcomers
👋 help wanted
Extra attention is needed
Comments
|
Sounds reasonable, I think we will need to add a case here: Lines 142 to 148 in a651a74 We can use const commit = getInput('commit', { required: false })Feel free to submit a pull request and make sure to update the README and action.yml file with this new argument. |
ggrossetie
added
🍩 enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm running a public open source project and I want to apply annotations to PRs from forked repos. As such, I can't run the CI job with
pull_request_targetbecause that is a security risk[1].The apparently correct way to do this is to let the CI job run in the forked repo's space, with the regular
pull_requestevent, and then use theworkflow_runevent in my repo, to fetch artifacts from the PR run and process them.However, to do that and then push the comments back to the originating PR, I need to be able to forcibly set the commit SHA, or the PR number.
An example would be the "Support fork repositories and dependabot branches" section of https://github.com/marketplace/actions/publish-unit-test-results and if I could have the same
commit:argument for this action, it would be awesome.[1] - https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
The text was updated successfully, but these errors were encountered: