Skip to content

Commit

Permalink
ci: changed the trigger from pull_request_target to pull_request for …
Browse files Browse the repository at this point in the history
…better security (#2584)

### Changes
ci: changed the trigger from pull_request_target to pull_request for
better security

### Checklist

* [x] I have read the [Auth0 general contribution
guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
* [x] I have read the [Auth0 Code of
Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
* [x] All code quality tools/guidelines have been run/followed
* [ ] All relevant assets have been compiled
  • Loading branch information
nandan-bhat authored Sep 3, 2024
2 parents 645947c + 2cd40fd commit 1cf70cc
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 20 deletions.
11 changes: 1 addition & 10 deletions .github/workflows/semgrep.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: Semgrep

on:
merge_group:
pull_request_target:
pull_request:
types:
- opened
- synchronize
Expand All @@ -20,16 +20,7 @@ concurrency:
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}

jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true

run:
needs: authorize # Require approval before running on forked pull requests

name: Check for Vulnerabilities
runs-on: ubuntu-latest

Expand Down
11 changes: 1 addition & 10 deletions .github/workflows/snyk.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: Snyk
on:
merge_group:
workflow_dispatch:
pull_request_target:
pull_request:
types:
- opened
- synchronize
Expand All @@ -21,16 +21,7 @@ concurrency:
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}

jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true

check:
needs: authorize

name: Check for Vulnerabilities
runs-on: ubuntu-latest

Expand Down

0 comments on commit 1cf70cc

Please sign in to comment.