Nirmal Savinda

Reputation: 1

Trigger GitHub Actions Workflow on Pull Request Review Submission

I want to trigger a GitHub Actions workflow when a pull request review is submitted. However, I need to ensure that:

  1. The workflow cannot be modified from within the pull request itself.
  2. The workflow has write permissions, even when the pull request comes from a forked repository.

I found that the pull_request_review event can trigger workflows on review submissions, but it can be manipulated in the PR and lacks write permissions when the PR comes from a fork.

How can I securely trigger a workflow on review submission while ensuring it can't be altered in the PR and retains write access?

I used the pull_request_review event to trigger the workflow:

on:
  pull_request_review:
    types: [submitted]

The workflow can be modified within the PR, making it a security risk, and it lacks write permissions when triggered from a forked repository.

I expected the workflow to trigger securely when a review is submitted, without allowing the PR to modify it, and to retain write permissions, even for forked PRs.

Upvotes: 0

Views: 20
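
An added example, not part of the original question: one common way to meet both requirements is to pair an unprivileged `pull_request_review` workflow with a privileged `workflow_run` workflow, which GitHub only loads from the default branch. The file names, workflow names, artifact layout and comment text are assumptions made for illustration.

```yaml
# --- .github/workflows/review-submitted.yml (assumed name; unprivileged) ---
# Runs the PR's copy of this file, so treat everything it produces as untrusted.
name: Review submitted
on:
  pull_request_review:
    types: [submitted]
permissions:
  contents: read
jobs:
  record:
    runs-on: ubuntu-latest
    steps:
      - name: Save the PR number for the privileged workflow
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: mkdir review && printf '%s\n' "$PR_NUMBER" > review/pr_number
      - uses: actions/upload-artifact@v4
        with:
          name: review
          path: review/
---
# --- .github/workflows/review-privileged.yml (assumed name; privileged) ---
# Loaded from the default branch only, so a PR cannot change it. No PR code is checked out.
name: Review privileged
on:
  workflow_run:
    workflows: ["Review submitted"]
    types: [completed]
permissions:
  actions: read          # download the artifact from the triggering run
  pull-requests: write   # the write access the question asks for
jobs:
  act:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: review
          path: review
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Validate the untrusted artifact, then act on the PR
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          pr=$(cat review/pr_number)
          case "$pr" in ''|*[!0-9]*) echo "invalid PR number" >&2; exit 1 ;; esac
          gh pr comment "$pr" --repo "$GITHUB_REPOSITORY" --body "Review recorded."
```

Because a fork PR can still edit the first workflow, the artifact it uploads is attacker-controlled; the privileged workflow therefore checks that the value is purely numeric and never executes or checks out anything that came from the PR.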

Answers (0)
