diff options
author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2022-03-21 08:40:03 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-21 08:40:03 +0000 |
commit | 5646fe3c6db4ec1caa5a401bd194bb3319ab3025 (patch) | |
tree | 3ec3e008ad1b9adcdcdd65c2869163974c07c829 /.github/workflows/backport.yml | |
parent | 0e882f0d2bdc054aede0e552daa4fa384d24a873 (diff) | |
parent | 92a720cbacbdbbdf4be68eb1d0c2f2b83b226406 (diff) | |
download | nixpkgs-5646fe3c6db4ec1caa5a401bd194bb3319ab3025.tar nixpkgs-5646fe3c6db4ec1caa5a401bd194bb3319ab3025.tar.gz nixpkgs-5646fe3c6db4ec1caa5a401bd194bb3319ab3025.tar.bz2 nixpkgs-5646fe3c6db4ec1caa5a401bd194bb3319ab3025.tar.lz nixpkgs-5646fe3c6db4ec1caa5a401bd194bb3319ab3025.tar.xz nixpkgs-5646fe3c6db4ec1caa5a401bd194bb3319ab3025.tar.zst nixpkgs-5646fe3c6db4ec1caa5a401bd194bb3319ab3025.zip |
Merge pull request #164880 from Mic92/github-tokens
ci: add warning to actions with writeable GITHUB_TOKEN
Diffstat (limited to '.github/workflows/backport.yml')
-rw-r--r-- | .github/workflows/backport.yml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index bcb164a04ee..4ee5adfaac1 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -2,6 +2,12 @@ name: Backport on: pull_request_target: types: [closed, labeled] + +# WARNING: +# When extending this action, be aware that $GITHUB_TOKEN allows write access to +# the GitHub repository. This means that it should not evaluate user input in a +# way that allows code injection. + jobs: backport: name: Backport Pull Request |