mirror of
https://github.com/zebrajr/react.git
synced 2026-01-15 12:15:22 +00:00
156f0eca20
`pull_request_target` gives access to repository secrets and permissions for use from forks, for example to add a comment. > Due to the dangers inherent to automatic processing of PRs, GitHub’s standard pull_request workflow trigger by default prevents write permissions and secrets access to the target repository. However, in some scenarios such access is needed to properly process the PR. To this end the pull_request_target workflow trigger was introduced. > The reason to introduce the pull_request_target trigger was to enable workflows to label PRs (e.g. needs review) or to comment on the PR. (via https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/) In this case there is no reason for us to allow this, so let's just use the normal `pull_request` trigger which is less permissive. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/facebook/react/pull/32708). * __->__ #32708 * #32709