From 67a75e4fdbea7cff51438295c8f3ff1464ef7a19 Mon Sep 17 00:00:00 2001 From: Samuel Laferriere Date: Wed, 30 Oct 2024 00:15:24 +0000 Subject: [PATCH] Revert "ci: give holesky-test workflow access to secrets via pull_request_target (#153)" This reverts commit 15b10fd0feaa324ae49c143cb642d1b3e39ffc26. The commit was doing things very wrong. I hadn't understood how pull_request_target works. Was causing the workflow to run against main branch head commit instead of PR commit. We will need to find another solution to the problem of letting external contributors run this workflow. --- .github/workflows/holesky-test.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/holesky-test.yml b/.github/workflows/holesky-test.yml index 34b3e7be..6ae3743f 100644 --- a/.github/workflows/holesky-test.yml +++ b/.github/workflows/holesky-test.yml @@ -3,11 +3,7 @@ name: holesky-test on: push: branches: [ "main" ] - # pull_request_target is needed so that external contributors that create PRs from a forked repo - # have access to the secrets needed to run the tests. There are security implications to this, - # see https://stackoverflow.com/questions/74957218/what-is-the-difference-between-pull-request-and-pull-request-target-event-in-git - # MAKE SURE TO ONLY ALLOW RUNNING THIS WORKFLOW AFTER REVIEWING THE PR! - pull_request_target: + pull_request: branches: [ "main" ] jobs: