We can't update it directly from PRs because external PRs are run in
an untrusted context without secrets access. Instead, as suggested by
[this article], we build the site in an untrusted workflow and then
push it in a trusted workflow that has no access to the PR contents
itself.

[this article]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
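
A sketch of the two-workflow split described above, added here as an illustration and not taken from this repository's own workflows. The file names, the `make site` build command, the `site` artifact name and the `site-preview` target branch are all assumptions.

```yaml
# build-site.yml (hypothetical name): untrusted half, runs the PR's own code.
# For fork PRs the token is read-only and no secrets are available.
name: build-site
on: pull_request
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make site                 # assumed build command, output in ./site
      - uses: actions/upload-artifact@v4
        with:
          name: site
          path: site/
---
# publish-site.yml (hypothetical name): trusted half. workflow_run always uses
# the copy of this file on the default branch, so a PR cannot modify it.
name: publish-site
on:
  workflow_run:
    workflows: [build-site]
    types: [completed]
permissions:
  contents: write                      # needed for the push
  actions: read                        # needed to fetch another run's artifact
jobs:
  publish:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      # Check out a branch of the base repository only, never the PR head.
      - uses: actions/checkout@v4
        with:
          ref: site-preview            # assumed target branch
      - uses: actions/download-artifact@v4
        with:
          name: site
          path: ${{ runner.temp }}/site
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      # The artifact is untrusted data: copy it, never execute anything in it.
      - run: |
          rm -rf preview && cp -r "$RUNNER_TEMP/site" preview
          git add preview
          git diff --cached --quiet && exit 0   # nothing changed, nothing to push
          git -c user.name=ci -c user.email=ci@example.invalid commit -m "Update site preview"
          git push origin HEAD:site-preview
```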