lupyuen commented on issue #18359: URL: https://github.com/apache/nuttx/issues/18359#issuecomment-3868503027
Helpful advice from Apache Airflow folks (thanks to Justin)...

> I would strongly discourage using pull_request_target. Many of the recent problems (async-api breach for example) - might be caused by often not obviously visible issues in "pull_request_target" - this workflow is EVIL. What you want can be quite easily achieved with the "push" workflow. We do it in a very similar way in Apache Airflow:
>
> https://github.com/apache/airflow/blob/main/.github/workflows/automatic-backport.yml - this workflow retrieves information about the pull request from the merged commit and triggers https://github.com/apache/airflow/blob/main/.github/workflows/backport-cli.yml for each found label to backport as "workflow_dispatch" event.
>
> It's way safer.
>
> Also - I would recommend you to use zizmor https://github.com/marketplace/actions/zizmor-action to verify all your action security, it is a really good tool that finds some of the non-obvious issues in action.

I'm still trying to understand this. Lemme experiment on my own fork of NuttX Repo...

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
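To make the two trigger patterns Justin contrasts concrete, here is an added illustration (not code from the NuttX or Airflow repositories): a risky `pull_request_target` job that checks out and runs the PR head while holding the base repo's secrets, beside a `push`-triggered job that looks up the PR merged by the pushed commit and fires one `workflow_dispatch` per backport label. The file name `backport-cli.yml`, its inputs `pr` and `target`, the `backport-to-<branch>` label convention and the `master` branch are assumptions.

```yaml
# RISKY PATTERN (for comparison only): pull_request_target runs in the base
# repository's context, with its secrets and GITHUB_TOKEN, but here the job
# checks out and executes code from the untrusted PR head.
on:
  pull_request_target:
jobs:
  backport-unsafe:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}  # untrusted commit
      - run: ./tools/backport.sh                           # runs PR-controlled code with secrets
---
# SAFER PATTERN: trigger on push to the protected branch (assumed: master).
# Only code already merged into the repo runs; the PR is merely looked up.
name: automatic-backport-example
on:
  push:
    branches: [master]
permissions:
  contents: read
  actions: write          # needed to create workflow_dispatch events
jobs:
  dispatch-backports:
    runs-on: ubuntu-latest
    steps:
      - name: Find the PR merged by this commit and dispatch one backport per label
        env:
          GH_TOKEN: ${{ github.token }}
          SHA: ${{ github.sha }}
        run: |
          # PR(s) associated with the pushed commit; exit quietly if none
          pr=$(gh api "repos/${GITHUB_REPOSITORY}/commits/${SHA}/pulls" --jq '.[0].number')
          [ -n "$pr" ] || { echo "no PR for ${SHA}"; exit 0; }
          # Assumed label convention: backport-to-<target-branch>.
          # The { ... || true; } keeps the pipeline alive under `-o pipefail`
          # when a PR carries no backport label.
          gh pr view "$pr" --json labels --jq '.labels[].name' \
            | { grep -E '^backport-to-' || true; } \
            | while read -r label; do
                # backport-cli.yml (assumed) declares workflow_dispatch inputs pr and target
                gh workflow run backport-cli.yml -f pr="$pr" -f target="${label#backport-to-}"
              done
```

The dispatched workflow receives only a PR number and a branch name, so a contributor can influence *which* backport runs but never *what code* runs with the repository's credentials.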
