Skip to content

ci: disable style.md write-back for PRs created from a fork#267

Merged
sywhang merged 1 commit into
uber-go:masterfrom
EstebanOlmedo:use-pull-request
Apr 14, 2026
Merged

ci: disable style.md write-back for PRs created from a fork#267
sywhang merged 1 commit into
uber-go:masterfrom
EstebanOlmedo:use-pull-request

Conversation

@EstebanOlmedo
Copy link
Copy Markdown
Contributor

@EstebanOlmedo EstebanOlmedo commented Apr 14, 2026
edited
Loading

Recently there have been different pull requests trying to steal github
secrets using a pwn request, and even though the current CI workflow is
safe as it doesn't execute code, but only reads changes made to markdown
files to auto-update the style.md file, using the pull_request_target
action is dangerous (ref).

For this reason, this commit disables the
auto-commit write-back of style.md for PRs generated from forks, and
updates the CONTRIBUTING.md file with instructions on how to regenerate the
file locally.

@EstebanOlmedo
ci: disable style.md write-back for PRs created from a fork
3ed5082 
Recently there have been different pull requests trying to steal github
secrets using a `pwn` request, and even though the current CI workflow is
safe as it doesn't execute code, but only reads changes made to markdown
files to auto-update the style.md file, using the `pull_request_target`
action is dangerous. For this reason, this commit disables the
auto-commit write-back of style.md for PRs generated from forks, and
updates the CONTRIBUTING file with instructions on how to regenerate the
file locally.
@sywhang sywhang merged commit 525ae9b into uber-go:master Apr 14, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sywhang sywhang sywhang approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@EstebanOlmedo @sywhang