Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests | GitHub Security Lab
Fri May 12 2023 15:06:57 GMT+0000 (Coordinated Universal Time)
Saved by
@mybusybeeadmin
# The workflow is broken. DO NOT use it in production.
on: [push, pull_request_target]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Build and test
run: /bin/bash ./build.sh && /bin/bash ./runtests.sh
- name: Report
if: failure() && github.event.action != 'push'
with: fancy/commenter@v1
message: |
Some checks have failed.
content_copyCOPY
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Comments