Switch back to pull_request to mitigate security issue (#1257)

According to advisory GHSL-2020-367 the changes I made to support pull_request_target make this repository vulnerable to attacks from any malicious forker Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2025-08-31 06:15:48 +00:00 · 2020-12-22 00:32:56 -08:00
parent 37c8b416d5
commit 3c85930e6f
1 changed files with 5 additions and 5 deletions
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -1,4 +1,4 @@
-on: [pull_request_target]
+on: [pull_request]

 name: Check pull request
 jobs:
@@ -9,8 +9,8 @@ jobs:
        api-level: [23, 29]
    steps:

-    - name: Auto-cancel redundant workflow run
-      uses: technote-space/auto-cancel-redundant-workflow@f9dfa1c127a520e4d71b92892850f861fb861206
+    #- name: Auto-cancel redundant workflow run
+    #  uses: technote-space/auto-cancel-redundant-workflow@f9dfa1c127a520e4d71b92892850f861fb861206

    - name: Check if relevant files have changed
      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
@@ -31,8 +31,8 @@ jobs:
    - name: Checkout repository
      if: ${{ steps.service-changed.outputs.result == 'true' }}
      uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-      with:
-        ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      #with:
+      #  ref: refs/pull/${{ github.event.pull_request.number }}/merge

    - name: Copy CI gradle.properties
      if: ${{ steps.service-changed.outputs.result == 'true' }}