docs: add support for pull_request_target events #32

Merged
merged 5 commits into from
Dec 5, 2023

@maxrake maxrake commented Oct 25, 2023

This is the documentation update that goes with phylum-dev/phylum-ci#331

Changes made include:

  • Update the action tagline and marketplace description
    • Provide a better value proposition
  • Add information about supporting pull requests from repository forks
    • Pre-requisite event for workflow triggers
    • How to check out the PR repository
  • Add warnings about the security implications of supporting PR forks
    • Provide links explaining the risks
    • Provide guidance on how to use the Phylum GHA in a secure manner
  • Add a FAQs section to the README
    • Explain why there can be both a failing status check and a success
      comment
    • Explain why analysis can fail for PRs from forked repositories
  • Change more instances of `lock.file` to `dependency.file`

@maxrake maxrake self-assigned this Oct 25, 2023
@maxrake maxrake requested a review from a team as a code owner October 25, 2023 15:47
@maxrake maxrake requested a review from kylewillmon October 25, 2023 15:47
janasheehan previously approved these changes Dec 5, 2023
The new FAQs section seeks to address some common questions that may
arise from making use of the new `pull_request_target` support. Namely,
why analysis fails for PRs from forked repositories and how to remove
that failure.
@maxrake maxrake requested a review from kylewillmon December 5, 2023 20:21
@maxrake maxrake merged commit c77a755 into main Dec 5, 2023
1 check passed
@maxrake maxrake deleted the gh_pr_target branch December 5, 2023 20:33