Commit 998345a
security: block fork PRs from running on the self-hosted runner (#10)
Jobs triggered on pull_request that run on the self-hosted runner could
execute untrusted fork PR code on the runner host. Add an if: guard so
these jobs run only for same-repo events (push, schedule, workflow_dispatch,
and PRs from branches in this repo), never for fork PRs. Runner stays
self-hosted for trusted runs.
Co-authored-by: GeiserX <drumsergio@gmail.com>1 parent 10ede48 commit 998345a
1 file changed
Lines changed: 8 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
10 | 14 | | |
11 | 15 | | |
12 | 16 | | |
| |||
16 | 20 | | |
17 | 21 | | |
18 | 22 | | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
19 | 27 | | |
20 | 28 | | |
21 | 29 | | |
| |||
0 commit comments