Skip to content

Commit

Permalink
Changed pull_request_target to pull_request (#772)
Browse files Browse the repository at this point in the history
### Changes

<!--
  Change pull_request_target to pull_request for better security.
Remove the authorize job from the list of jobs defined in that workflow.
Remove the dependency on authorize job for other jobs in that workflow
by looking for the line needs: authorize.
-->

### Contributor Checklist

- [ ] I agree to adhere to the [Auth0 General Contribution
Guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md).
- [ ] I agree to uphold the [Auth0 Code of
Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
  • Loading branch information
arpit-jn authored Sep 16, 2024
1 parent d67ad49 commit 7ffdf4e
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 28 deletions.
11 changes: 1 addition & 10 deletions .github/workflows/semgrep.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: Semgrep

on:
merge_group:
pull_request_target:
pull_request:
types:
- opened
- synchronize
Expand All @@ -20,16 +20,7 @@ concurrency:
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true

check:
needs: authorize

name: Check for Vulnerabilities
runs-on: ubuntu-latest

Expand Down
10 changes: 1 addition & 9 deletions .github/workflows/snyk.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: Snyk

on:
merge_group:
pull_request_target:
pull_request:
types:
- opened
- synchronize
Expand All @@ -26,16 +26,8 @@ concurrency:
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true

configure:
name: Configure
needs: [authorize]
runs-on: ubuntu-latest

outputs:
Expand Down
10 changes: 1 addition & 9 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: Build and Test

on:
merge_group:
pull_request_target:
pull_request:
types:
- opened
- synchronize
Expand All @@ -17,16 +17,8 @@ concurrency:
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true

configure:
name: Configure
needs: [authorize]
runs-on: ubuntu-latest

outputs:
Expand Down

0 comments on commit 7ffdf4e

Please sign in to comment.