diff options
author | Jan Macku <jamacku@redhat.com> | 2023-02-03 10:25:51 +0100 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2023-02-03 14:03:39 +0000 |
commit | 4dab1eb952d48d32f5c604005247e7ac1f4fdda2 (patch) | |
tree | 6d690fe6009547f1158737758493b7d457887d2d /hwdb.d | |
parent | 45ab6f2a374d251090857b33001c760da6b09208 (diff) | |
download | systemd-4dab1eb952d48d32f5c604005247e7ac1f4fdda2.tar.gz |
ci: Fix Development Freeze Automation
Due to the limitation of `GITHUB_TOKEN` when running workflows from forks,
it's required to split the `development_freeze` workflow in two.
* First workflow will run on the `pull_request` trigger and save the PR
number in the artifact. This workflow is running with read-only permissions
on `GITHUB_TOKEN`.
* Second workflow will get triggered on `workflow_run`. It will be run
directly in the `systemd/systemd` context and can get permission to be
able to create comments on PR.
GITHUB_TOKEN limitations:
* https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
GitHub Security Labs Article - How to correctly and safely overcome GITHUB_TOKEN limitations:
* https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Diffstat (limited to 'hwdb.d')
0 files changed, 0 insertions, 0 deletions