GitHub Action cloning parent of fork repository when initiated from child fork #27057
A GitHub Actions step that tries to run a bash script that calculates a git diff has the remote parent fork repository as its default working directory. This GitHub Action was initiated from a fork of the mentioned repository.
Replies: 3 comments
I think this answers my question @Simran-B. Thanks for your response.
In case you want to learn more about
Keeping your GitHub Actions and workflows secure: Preventing pwn requests
In this article, we’ll discuss some common security malpractices for GitHub Actions and workflows, and how to best avoid them. Our examples are based on real-world GitHub workflow implementation vulnerabilities the GitHub Security Lab has reported to...
Can you share the workflow code and describe the setup in more detail? This is too little information to help.

This sounds like you might use pull_request_target, which will check out the base branch instead of the head branch for security reasons (to prevent arbitrary users from being able to modify your workflow to leak secrets).
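
For the diff use case in the question, here is an added example workflow (not code from this thread or from the original poster's repository). It uses the pull_request trigger, so the default checkout is the pull request's merge ref rather than the base branch. The file path, the workflow and job names and the `main` branch are assumptions.

```yaml
# Added example, hypothetical path: .github/workflows/changed-files.yml
name: changed-files

on:
  # pull_request (not pull_request_target): for pull requests from forks the
  # job gets a read-only token and no repository secrets, so it can safely
  # work on the contributor's commits.
  pull_request:
    branches: [main]   # assumed name of the base branch

permissions:
  contents: read       # the diff only needs to read the repository

jobs:
  diff:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0              # full history, so base and head commits both exist locally
          persist-credentials: false  # do not leave the token in .git/config

      - name: Show what was checked out
        run: |
          # origin is still the base (parent) repository even for a fork PR;
          # the fork's commits arrive through refs/pull/<number>/merge.
          git remote get-url origin
          git log -1 --format='%H %s'

      - name: List files changed by the pull request
        env:
          # Pass event data through env instead of interpolating it into the script.
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          # Three-dot diff: changes on the PR head since it diverged from the base.
          git diff --name-only "$BASE_SHA...$HEAD_SHA"
```

Under pull_request_target the same checkout step would leave the base branch in the working directory, so a diff of the working tree would not see the pull request's changes.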