action: Trigger some actions on label
jodh-intel opened this issue · 0 comments
jodh-intel commented
Change the following two GitHub actions (which operate on PRs) so that
they will only trigger once new PRs have been manually reviewed:
| GitHub Action | Summary | Reason pull_request_target event needed |
|---|---|---|
move-issues-to-in-progress.yaml |
Moves issues to the "In progress" column in the "Issue backlog" project. | Required to determine linked issue for a PR using the GitHub API. |
require-pr-porting-labels.yaml |
Performs checks on each PR to ensure they confirm to the porting guidelines. | Need access to a PRs labels. |
This change reduces the risk associated with a hypothetical "bad actor PR"
that tries to attack the repository or infrastructure by only triggering
the actions that need this elevated privilege event after the PR has
been sanity checked by a trusted community member. The community member
requests the two actions above run by applying the safe-to-test label.