Commit d5b9641

Revert "feat: Allow customization of the github.event_name check" (#563)
1 parent 8206d01 commit d5b9641

3 files changed

+1
-25
lines changed

.README.md.swp

-36 KB
Binary file not shown.
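
Review bot: `.README.md.swp` has the name of a Vim swap file for README.md, and deleting the 36 KB binary here does not remove it from history, where it stays reachable from parent 8206d01. Suggest adding `*.swp` to `.gitignore` alongside this deletion so an editor swap file cannot be committed again, and confirming the swap file held nothing beyond README text.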

README.md

Lines changed: 0 additions & 16 deletions
@@ -32,7 +32,6 @@ Error: Resource not accessible by integration
3232
| `pr-number` | No | | A pull request number, only required if triggered from a workflow_dispatch event. Typically this would be triggered by a script running in a separate CI provider. See [Trigger action from workflow_dispatch event](#trigger-action-from-workflow_dispatch-event) example. |
3333
| `skip-commit-verification` | No | `false` | If `true`, then the action will not expect the commits to have a verification signature. It is required to set this to `true` in GitHub Enterprise Server. |
3434
| `skip-verification` | No | `false` | If true, the action will not validate the user or the commit verification status |
35-
| `event-name` | No | `pull_request` | Allows customizing the `github.event_name` that is used to sanity check the build and make sure its part of a Pull Request. Default is `pull_request`. Allowed values: `pull_request`, `pull_request_target`.|
3635

3736
## Output
3837

@@ -132,21 +131,6 @@ curl -X POST \
132131
-d '{"ref":"{ref}", "inputs":{ "pr-number": "{number}"}}'
133132
```
134133

135-
### Trigger action from a `pull_request_target` instead of `pull_request` event
136-
137-
[trigger_doc]: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
138-
[security_blog]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
139-
140-
The action by default verifies that the [trigger][trigger_doc] is a `pull_request` event - which is the most secure and safest way to run your builds. If necessary, you can use the `event-name` property to reconfigure this verification check to support `pull_request_target` events. Make sure that you understand the [security risks][security_blog] of this behavior first. Additionally, ensure that your `checkout` action is configured properly to check out and test the right branch:
141-
142-
```yaml
143-
- name: Checkout
144-
uses: actions/checkout@v3
145-
with:
146-
ref: ${{ github.event.pull_request.head.ref }}
147-
repository: ${{ github.event.pull_request.head.repo.full_name }}
148-
```
149-
150134

151135
## How to upgrade from `2.x` to new `3.x`
152136

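
Review bot: With the `pull_request_target` section deleted, the README gives no migration guidance to workflows that adopted `event-name: pull_request_target` from it, and nothing in the visible text now states that the action only acts on `pull_request` events. The deleted example checked out `github.event.pull_request.head.ref` from the head repository under `pull_request_target`, the setup the linked security_blog article addresses, so removing it is reasonable. Suggest a short line near the upgrade section saying that `event-name` was removed and that the metadata step does not run for other events.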
action.yml

Lines changed: 1 addition & 9 deletions
@@ -40,22 +40,14 @@ inputs:
4040
type: boolean
4141
description: 'If true, the action will not validate the user or the commit verification status'
4242
default: false
43-
event-name:
44-
type: string
45-
description:
46-
default: pull_request
47-
options:
48-
- pull_request
49-
- pull_request_target
50-
5143

5244
runs:
5345
using: 'composite'
5446
steps:
5547
- name: Fetch metadata
5648
id: dependabot-metadata
5749
uses: dependabot/fetch-metadata@v1
58-
if: github.event_name == '${{ inputs.event-name }}' && (github.actor == 'dependabot[bot]' || inputs.skip-verification == 'true')
50+
if: github.event_name == 'pull_request' && (github.actor == 'dependabot[bot]' || inputs.skip-verification == 'true')
5951
with:
6052
skip-commit-verification: ${{ inputs.skip-commit-verification }}
6153
skip-verification : ${{ inputs.skip-verification }}
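
Review bot: On the restored `if: github.event_name == 'pull_request' && ...` line, a run triggered by any other event skips the Fetch metadata step without an error, so a workflow still running under `pull_request_target` gets a quiet no-op instead of a clear failure. Consider a preceding step that fails with an explicit message when `github.event_name` is not `pull_request`, so callers that relied on the reverted `event-name` input notice the change.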
