winget.yml: switch to manually using wingetcreate #15023
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It was brought to my attention that we should be more restrictive in which tasks we ovver a GitHub token to. Sorry! With thanks to sitiom for the version parsing and the magic GitHub action syntax incantation for determining what is a prerelease.
zadjii-msft
approved these changes
Mar 20, 2023
lhecker
approved these changes
Mar 20, 2023
|
I would be interested to know what is the security issue with the github token? It's supposed to be a token for a bot account that has winget pkg forked right? even if a malicious actor obtained the token somehow, he can't do anything with it since the bot account doesn't have permission to do anything? |
DHowett
pushed a commit
that referenced
this pull request
May 29, 2023
[The winget-releaser action] automatically generates manifests for the [Winget Community Repository] and submits them. I suggest adding Dependabot to keep the action up to date. There were many cases where the action was failing due to an outdated version. Closes #14795 [The winget-releaser action]: https://github.com/vedantmgoyal2009/winget-releaser [Winget Community Repository]: https://github.com/microsoft/winget-pkgs (cherry picked from commit bee22f3) winget: use the correct fork-user (cherry picked from commit e1079d8) winget.yml: switch to manually using wingetcreate (#15023) It was brought to my attention that we should be more restrictive in which tasks we ovver a GitHub token to. Sorry! With thanks to sitiom for the version parsing and the magic GitHub action syntax incantation for determining what is a prerelease. (cherry picked from commit 5a34d92)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It was brought to my attention that we should be more restrictive in which tasks we ovver a GitHub token to. Sorry!
With thanks to sitiom for the version parsing and the magic GitHub action syntax incantation for determining what is a prerelease.