Created welcome Message yml #520
Conversation
Created welcome message upon creating a first issue and first pr.
There was a problem hiding this comment.
Looks good to me!
@JamesMGreene Do you think we'd be able to test this out using your second account, once merged?
There was a problem hiding this comment.
This workflow looks good overall, though I left a few suggestions for best practices.
I don't see anything here that would warrant the need to run it in a separate account first, so just make sure to keep an eye out for potential failing runs in the future. 👍🏻
| types: [opened] | ||
| pull_request_target: | ||
| types: [opened] | ||
|
|
There was a problem hiding this comment.
It's a best practice to restrict the permissions granted to the GITHUB_TOKEN to just the minimum set that are relevant to the workflow/job:
| permissions: | |
| issues: write | |
| pull-requests: write | |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: 'Greet the contributor' | ||
| uses: garg3133/welcome-new-contributors@v1.2 |
There was a problem hiding this comment.
From a security perspective, I would recommend you pin to a specific commit of the Action to ensure its tag (e.g. v1.2) is not maliciously swapped out from under you without giving you the opportunity to review it:
| uses: garg3133/welcome-new-contributors@v1.2 | |
| uses: garg3133/welcome-new-contributors@a38583ed8282e23d63d7bf919ca2d9fb95300ca6 |
There was a problem hiding this comment.
@Alex-is-Gonzalez I think it's best we move forward with James's advice and update the workflow. :)
|
@JamesMGreene Thank you for the thorough feedback! I learned a lot from this, I went ahead and changed the yml based on the notes provided! |
Created welcome message upon creating a first issue and first pr.