Anyone with write access to a repository can create, read, and use secrets.
Suppose there is a GitHub repository secret that contains a token for deploying to the staging (or even production) environment.
Any collaborator with write permissions can create a new GitHub workflow file, use the repository secret to deploys to staging/production environment in that workflow file, push the changes into any branch and thus trigger this workflow.
As a result, an arbitrary version of the code will be deployed.
Is it possible to prevent this and allow triggering deployment only to authorized users?