From 43177dd6918b6c5daefb3a3efdcb08bb5d32a0cc Mon Sep 17 00:00:00 2001 From: matt Date: Wed, 19 Jun 2024 19:56:26 +0000 Subject: [PATCH 1/2] copy trafico action from actual --- .github/workflows/trafico.yml | 39 +++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/trafico.yml diff --git a/.github/workflows/trafico.yml b/.github/workflows/trafico.yml new file mode 100644 index 000000000..c39fb0668 --- /dev/null +++ b/.github/workflows/trafico.yml @@ -0,0 +1,39 @@ +########################################################################################## +# WARNING! This workflow uses the 'pull_request_target' event. That mans that it will # +# always run in the context of the main actualbudget/actual repo, even if the PR is from # +# a fork. This is necessary to get access to a GitHub token that can modify the PR. # +# Be VERY CAREFUL about adding things to this workflow, since forks can inject # +# arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary # +# code execution in this workflow could lead to a compromise of the main repo. # +########################################################################################## +# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests # +########################################################################################## + +name: Trafico Reviews + +on: + pull_request_target: + types: + - opened + - closed + - reopened + - synchronize + - edited + - review_requested + - review_request_removed + pull_request_review: + types: [submitted, edited, dismissed] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + manage-review: + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - uses: actualbudget/trafico@main + with: + github-token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From c9551c1fe9dc4a73500dd0647f1b9315db7a8758 Mon Sep 17 00:00:00 2001 From: matt Date: Wed, 19 Jun 2024 19:58:24 +0000 Subject: [PATCH 2/2] note --- upcoming-release-notes/380.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 upcoming-release-notes/380.md diff --git a/upcoming-release-notes/380.md b/upcoming-release-notes/380.md new file mode 100644 index 000000000..ec202c955 --- /dev/null +++ b/upcoming-release-notes/380.md @@ -0,0 +1,6 @@ +--- +category: Maintenance +authors: [twk3] +--- + +Switch to using a Trafico GitHub action to restore review management.