use pull_request_target instead of pull_request

GitHub Actions run when a PR is raised, should use the SYNK_TOKEN from the base repo instead of the forked repo. Also making sure that this action runs only for authorized users.
openshift-eng · Mar 29, 2023 · 08578bb · 08578bb
1 parent e6774dd
commit 08578bb
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/.github/workflows/snyk_security.yaml b/.github/workflows/snyk_security.yaml
@@ -1,6 +1,10 @@
 name: Snyk Scan
 
-on: [ push, pull_request ]
+on:
+  push: { }
+  pull_request_target:
+    types: [ opened ]
+    if: github.actor in ['jupierce', 'sosiouxme', 'thiagoalessio', 'joepvd', 'thegreyd', 'vfreex', 'locriandev', 'Ximinhan', 'ashwindasr']
 
 jobs:
   snyk:
@@ -18,4 +22,4 @@ jobs:
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          command: code test
+          command: code test