Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/slorber/lint-autofix-ci-demo
GitHub Actions setup to automatically fix PRs of external contributors
Last synced: 19 days ago
- Host: GitHub
- URL: https://github.com/slorber/lint-autofix-ci-demo
- Owner: slorber
- License: mit
- Created: 2023-12-14T13:00:57.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2023-12-14T19:04:57.000Z (11 months ago)
- Last Synced: 2024-10-11T00:24:22.610Z (about 1 month ago)
- Language: JavaScript
- Size: 26.4 KB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Lint Autofix CI Demo
WIP
A demo of a GitHub Actions setup that automatically fixes PRs of external contributors.
Using `pull_request_target` to elevate your permissions to push to a contributor's fork is **unsafe** according to [GitHub Security Lab best practices](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
For security reasons, the process is split into 2 workflows:
- a `pull_request` workflow that safely runs on the untrusted PR, and only generates a git diff patch
- a `workflow_run` workflow with elevated permissions that pushes the diff patch to the repository
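
The patch handed to the `workflow_run` side was produced by a job that ran untrusted PR code, so it is untrusted input for the privileged job. One check that job could run before applying it, as an added example (not code from the demo repository; `vetPatch`, `checkPath` and the extension allow-list are hypothetical names and assumptions):

```javascript
// Added example: vet the patch artifact before the privileged workflow applies it.
// ALLOWED_EXT and the function names are assumptions, not values from the project.
const ALLOWED_EXT = /\.(js|jsx|ts|tsx|json|css|md)$/;

function checkPath(p) {
  const parts = p.split('/');
  if (p.startsWith('/') || parts.includes('..')) return 'escapes the repository';
  if (parts[0] === '.github' || parts[0] === '.git') return 'touches CI or git metadata';
  if (!ALLOWED_EXT.test(p)) return 'not a lintable file type';
  return null;
}

// Strict, fail-closed parse of `git diff` output: in-place edits of existing
// files only. Anything unrecognised (renames, modes, binary, new files) is an error.
function vetPatch(patchText) {
  const files = [], errors = [];
  let current = null, oldLeft = 0, newLeft = 0, m;
  const lines = patchText.split('\n');
  if (lines[lines.length - 1] === '') lines.pop();
  for (const line of lines) {
    if (oldLeft > 0 || newLeft > 0) { // inside a hunk body: count lines down
      if (line === '' || line[0] === ' ') { oldLeft--; newLeft--; }
      else if (line[0] === '-') oldLeft--;
      else if (line[0] === '+') newLeft--;
      else if (line[0] !== '\\') errors.push(`unexpected hunk line: ${line}`);
    } else if ((m = /^diff --git a\/(\S+) b\/(\S+)$/.exec(line))) {
      current = m[1];
      files.push(current);
      const why = m[1] !== m[2] ? 'rename or copy' : checkPath(current);
      if (why) errors.push(`${current}: ${why}`);
    } else if ((m = /^(?:--- a|\+\+\+ b)\/(\S+)$/.exec(line))) {
      if (m[1] !== current) errors.push(`header does not match diff line: ${line}`);
    } else if ((m = /^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@/.exec(line))) {
      oldLeft = m[1] === undefined ? 1 : Number(m[1]);
      newLeft = m[2] === undefined ? 1 : Number(m[2]);
    } else if (!/^index [0-9a-f]+\.\.[0-9a-f]+ \d{6}$/.test(line) && line[0] !== '\\') {
      errors.push(`unexpected line: ${line}`);
    }
  }
  if (files.length === 0) errors.push('no file headers found');
  return { ok: errors.length === 0, files, errors };
}
```

The privileged job would apply the patch only when `ok` is true and fail the run otherwise, logging `errors`.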