Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests | GitHub Security Lab
Fri May 12 2023 15:06:35 GMT+0000 (Coordinated Universal Time)
Saved by @mybusybeeadmin
name: Receive PR

# read-only repo token
# no access to secrets
on:
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2

      # imitation of a build process
      - name: Build
        run: /bin/bash ./build.sh

      # write the PR number to a file so it can be uploaded as an artifact
      - name: Save PR number
        run: |
          mkdir -p ./pr
          echo ${{ github.event.number }} > ./pr/NR

      # upload the ./pr directory as an artifact named "pr"
      - uses: actions/upload-artifact@v2
        with:
          name: pr
          path: pr/
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/