diff options
author | Riku Isokoski <riksu9000@gmail.com> | 2023-01-07 20:17:18 +0200 |
---|---|---|
committer | Riku Isokoski <riksu9000@gmail.com> | 2023-01-07 20:58:18 +0200 |
commit | dca11812c2add2c8ad81bfda606c95869fd8900a (patch) | |
tree | 1fb06a2677836c12cb622f50a2b17156e14d1728 /.github/workflows/main.yml | |
parent | 028d40860dc32a96ce70bf820053ec93bd52f36d (diff) |
workflows: Disable build size comment in fork PRs
Due to a security concern, comments can only be created in the context
of branches in the repo. PRs from forks can't get the comment.
https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#restrictions-on-repository-forks
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Diffstat (limited to '.github/workflows/main.yml')
-rw-r--r-- | .github/workflows/main.yml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c2570627..b010ad91 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -138,7 +138,7 @@ jobs: . /opt/build.sh .github/workflows/getSize.sh "$BUILD_DIR"/src/pinetime-app-*.out >> $GITHUB_OUTPUT - leave-build-size-comment: + compare-build-size: if: github.event_name == 'pull_request' needs: [build-firmware, get-base-ref-size] runs-on: ubuntu-latest @@ -167,6 +167,9 @@ jobs: echo "bss_diff=$BSS_SIZE_DIFF" >> $GITHUB_OUTPUT - name: Find Comment + # Due to a security concern, comments can only be created in the context of branches in the repo. + # PRs from forks can't get the comment. + if: github.event.pull_request.head.repo.full_name == github.repository uses: peter-evans/find-comment@v2 id: build-size-comment with: @@ -175,6 +178,7 @@ jobs: body-includes: Build size and comparison to - name: Create or update comment + if: github.event.pull_request.head.repo.full_name == github.repository uses: peter-evans/create-or-update-comment@v2 with: comment-id: ${{ steps.build-size-comment.outputs.comment-id }} |