From d7dc6e901728d7b2a178f0e9c6beebd186c97681 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 27 Aug 2024 16:06:48 +0200 Subject: [PATCH 1/3] fix: switch to ro token to use pull_request_target somewhat more safely Signed-off-by: Robert Waffen --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 382d6ca9..d408cb1c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2,7 +2,7 @@ name: CI🚦 on: - pull_request: + pull_request_target: branches: - main workflow_dispatch: @@ -55,7 +55,7 @@ jobs: uses: docker/login-action@v3 with: username: voxpupulibot - password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }} + password: ${{ secrets.DOCKERHUB_BOT_RO_PASSWORD }} - name: Analyze container image for CVEs id: analyze-image-cves From 17c11f582e5fa7d96f3d1811e63ce79e65543446 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 27 Aug 2024 16:10:18 +0200 Subject: [PATCH 2/3] fix: switch run options Signed-off-by: Robert Waffen --- .github/workflows/ci.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d408cb1c..c2ab8067 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -3,8 +3,6 @@ name: CI🚦 on: pull_request_target: - branches: - - main workflow_dispatch: jobs: From 84c9ed9027c534e10517d4e0096686ce42c996b2 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 27 Aug 2024 16:11:45 +0200 Subject: [PATCH 3/3] fix: run on both Signed-off-by: Robert Waffen --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c2ab8067..86094032 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -3,6 +3,7 @@ name: CI🚦 on: pull_request_target: + pull_request: workflow_dispatch: jobs: