pass env GITHUB_TOKEN #331

rikkihamano · 2020-07-21T02:23:10Z

No description provided.

kslr · 2020-07-21T23:52:34Z

内置的github_token没办法对其他仓库修改，原来的token也是有效的，只是邮箱变成了未验证状态.
另外我尝试修改了用户名 56362ce

rikkihamano · 2020-07-22T00:23:57Z

内置的github_token没办法对其他仓库修改，原来的token也是有效的，只是邮箱变成了未验证状态.
另外我尝试修改了用户名 56362ce

感谢提醒，我刚刚发现 actions 似乎有安全问题，想请帮忙确认一下

manual/.github/workflows/deploy.yml

Lines 6 to 7 in d125369

    
           pull_request: 
        
             branches: [ master ]

manual/.github/workflows/deploy.yml

Lines 20 to 21 in d125369

    
           env: 
        
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

也就是说任何人都可以 fork 并修改 deploy.sh，然后提 PR，通过 token 对这个仓库做任何事情，是这样的吗

kslr · 2020-07-22T00:26:29Z

看起来是的，可以把token发送出去，所以应该把pull关掉

pass GITHUB_TOKEN

011a2f4

rikkihamano merged commit d125369 into v2ray:master Jul 21, 2020

rikkihamano mentioned this pull request Jul 22, 2020

disable schedule on PR #333

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pass env GITHUB_TOKEN #331

pass env GITHUB_TOKEN #331

Uh oh!

rikkihamano commented Jul 21, 2020

Uh oh!

kslr commented Jul 21, 2020

Uh oh!

rikkihamano commented Jul 22, 2020

Uh oh!

kslr commented Jul 22, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

pass env GITHUB_TOKEN #331

pass env GITHUB_TOKEN #331

Uh oh!

Conversation

rikkihamano commented Jul 21, 2020

Uh oh!

kslr commented Jul 21, 2020

Uh oh!

rikkihamano commented Jul 22, 2020

Uh oh!

kslr commented Jul 22, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants