Author: Riku Isokoski <riksu9000@gmail.com>
workflows: Disable build size comment in fork PRs Due to a security concern, comments can only be created in the context of branches in the repo. PRs from forks can't get the comment. https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#restrictions-on-repository-forks https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
.github/workflows/main.yml | 6 +++++-
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c2570627532e6e14cb694fb4fa29eebf640fa861..b010ad919ec960396dd6f27829f833c9458c42d6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -138,7 +138,7 @@ run: | . /opt/build.sh .github/workflows/getSize.sh "$BUILD_DIR"/src/pinetime-app-*.out >> $GITHUB_OUTPUT - leave-build-size-comment: + compare-build-size: if: github.event_name == 'pull_request' needs: [build-firmware, get-base-ref-size] runs-on: ubuntu-latest @@ -167,6 +167,9 @@ echo "data_diff=$DATA_SIZE_DIFF" >> $GITHUB_OUTPUT echo "bss_diff=$BSS_SIZE_DIFF" >> $GITHUB_OUTPUT - name: Find Comment + # Due to a security concern, comments can only be created in the context of branches in the repo. + # PRs from forks can't get the comment. + if: github.event.pull_request.head.repo.full_name == github.repository uses: peter-evans/find-comment@v2 id: build-size-comment with: @@ -175,6 +178,7 @@ comment-author: 'github-actions[bot]' body-includes: Build size and comparison to - name: Create or update comment + if: github.event.pull_request.head.repo.full_name == github.repository uses: peter-evans/create-or-update-comment@v2 with: comment-id: ${{ steps.build-size-comment.outputs.comment-id }}