Skip to content

WIP: Fix Vercel workflow #971

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
seisman wants to merge 4 commits into from
Closed

WIP: Fix Vercel workflow #971

seisman wants to merge 4 commits into from

Conversation

@seisman
Copy link
Member

@seisman seisman commented Feb 26, 2021
edited
Loading

Description of proposed changes

The Vercel workflow doesn't work with PRs from forks.

Fixes #

Reminders

  • Run make format and make check to make sure the code follows the style guide.
  • Add tests for new features or tests that would have caught the bug that you're fixing.
  • Add new public functions/methods/classes to doc/api/index.rst.
  • Write detailed docstrings for all functions/methods.
  • If adding new functionality, add an example to docstrings or tutorials.

Slash Commands

You can write slash commands (/command) in the first line of a comment to perform
specific operations. Supported slash commands are:

  • /format: automatically format and lint the code
  • /test-gmt-dev: run full tests on the latest GMT development version

@seisman seisman added maintenance Boring but important stuff for the core devs skip-changelog Skip adding Pull Request to changelog labels Feb 26, 2021
@seisman seisman added this to the 0.3.1 milestone Feb 26, 2021
@seisman seisman marked this pull request as draft February 26, 2021 05:34
@seisman seisman changed the title Enable pull_request_target and disable pull_request for the vercel action WIP: Enable pull_request_target and disable pull_request for the vercel action Feb 26, 2021
@seisman
Copy link
Member Author

seisman commented Feb 26, 2021

It seems more complicated than I thought.

https://securitylab.github.com/research/github-actions-preventing-pwn-requests

@seisman
Vercel (#14)
08b6f6f
@seisman
Enable pull_request_target and disable pull_request for the vercel ac…
c0072f5 
…tion

The `pull_request` event doesn't work for PRs from forks, because forks
cannot access our secrets due to security reasons.

`pull_request_target` is similar to `pull_request`, but safer.
@seisman
fix
d4707d5
@seisman seisman changed the title WIP: Enable pull_request_target and disable pull_request for the vercel action WIP: Fix Vercel workflow Feb 26, 2021
@seisman
Copy link
Member Author

seisman commented Feb 26, 2021

The Vercel action doesn't work for forks. We may have to revert the changes in #964 and #969

@seisman seisman closed this Feb 26, 2021
@seisman seisman deleted the fix-vercel branch February 26, 2021 19:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

maintenance Boring but important stuff for the core devs skip-changelog Skip adding Pull Request to changelog

Projects

None yet

Milestone

0.3.1

Development

Successfully merging this pull request may close these issues.

2 participants

@seisman