+
Skip to content

Use branch-deploy action #3744

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: dev
Choose a base branch
from
Open

Use branch-deploy action #3744

wants to merge 3 commits into from
+19 −19

Conversation

kevinbackhouse
Copy link

@kevinbackhouse kevinbackhouse commented Sep 2, 2025
edited
Loading

Use the Branch Deploy Action to determine who is allowed to trigger these workflows. pull_request_target is quite dangerous because it can be triggered by anyone, and it runs with write permissions to the repo, so it could enable an attacker to push new commits to the repo. Similarly, issue comments can be created by anybody. The Branch Deploy Action will only allow people with write permissions to trigger these workflows.

PR checklist

  • This comment contains a description of changes (with reason)
  • CHANGELOG.md is updated
  • If you've fixed a bug or added code that should be tested, add tests!
  • Documentation in docs is updated

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 2, 2025

This PR is against the main branch ❌

  • Do not close this PR
  • Click Edit and change the base to dev
  • This CI test will remain failed until you push a new commit

Hi @kevinbackhouse,

It looks like this pull-request is has been made against the kevinbackhouse/nf-core-tools main branch.
The main branch on nf-core repositories should always contain code from the latest release.
Because of this, PRs to main are only allowed if they come from the kevinbackhouse/nf-core-tools dev branch.

You do not need to close this PR, you can change the target branch to dev by clicking the "Edit" button at the top of this page.
Note that even after this, the test will continue to show as failing until you push a new commit.

Thanks again for your contribution!

@kevinbackhouse kevinbackhouse changed the base branch from main to dev September 2, 2025 11:41
@mashehu
Copy link
Contributor

mashehu commented Sep 30, 2025

@nf-core-bot fix linting

mirpedrol
mirpedrol approved these changes Oct 1, 2025
View reviewed changes
Copy link
Member

@mirpedrol mirpedrol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the improvement @kevinbackhouse

@mashehu mashehu enabled auto-merge October 1, 2025 10:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mirpedrol mirpedrol mirpedrol approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kevinbackhouse @mashehu @mirpedrol @nf-core-bot
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载