workflows: Disable build size comment in fork PRs
Due to a security concern, comments can only be created in the context of branches in the repo. PRs from forks can't get the comment. https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#restrictions-on-repository-forks https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
This commit is contained in:
parent
028d40860d
commit
dca11812c2
6
.github/workflows/main.yml
vendored
6
.github/workflows/main.yml
vendored
|
@ -138,7 +138,7 @@ jobs:
|
|||
. /opt/build.sh
|
||||
.github/workflows/getSize.sh "$BUILD_DIR"/src/pinetime-app-*.out >> $GITHUB_OUTPUT
|
||||
|
||||
leave-build-size-comment:
|
||||
compare-build-size:
|
||||
if: github.event_name == 'pull_request'
|
||||
needs: [build-firmware, get-base-ref-size]
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -167,6 +167,9 @@ jobs:
|
|||
echo "bss_diff=$BSS_SIZE_DIFF" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Find Comment
|
||||
# Due to a security concern, comments can only be created in the context of branches in the repo.
|
||||
# PRs from forks can't get the comment.
|
||||
if: github.event.pull_request.head.repo.full_name == github.repository
|
||||
uses: peter-evans/find-comment@v2
|
||||
id: build-size-comment
|
||||
with:
|
||||
|
@ -175,6 +178,7 @@ jobs:
|
|||
body-includes: Build size and comparison to
|
||||
|
||||
- name: Create or update comment
|
||||
if: github.event.pull_request.head.repo.full_name == github.repository
|
||||
uses: peter-evans/create-or-update-comment@v2
|
||||
with:
|
||||
comment-id: ${{ steps.build-size-comment.outputs.comment-id }}
|
||||
|
|
Loading…
Reference in a new issue