actual/.github/workflows/issues-feature-implemented.yml
Matt Fiddaman 25f9ea3f97 ⬆️ bump github action versions (#6014)
* actions/checkout v5

* actions/setup-node v6

* actions/upload-artifact v5

* actions/download-artifact v6

* actions/stale v10

* aidan-mundy/react-to-issue v1

* twk3/rollup-size-compare-action v1

* actions/github-script v8

* dawidd6/action-download-artifact v11

* fountainhead/action-wait-for-check v1

* peter-evans/create-or-update-comment v5

* docker/build-push-action v6

* note
2025-11-05 23:56:17 +00:00


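name: Handle completed feature requests

##########################################################################################
# WARNING! This workflow uses the 'pull_request_target' event. That means that it will
# always run in the context of the main actualbudget/actual repo, even if the PR is from
# a fork. This is necessary to get access to a GitHub token that can post a comment on
# the PR. Be VERY CAREFUL about adding things to this workflow, since forks can inject
# arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary
# code execution in this workflow could lead to a compromise of the main repo.
##########################################################################################
# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests
##########################################################################################
on:
  pull_request_target:
    types: [closed]

# Least privilege: only the issues scope is granted to GITHUB_TOKEN; scopes that are
# not listed here are set to none.
permissions:
  issues: write

jobs:
  handle-feature-requests:
    # Only merged PRs reach the steps; a PR closed without merging is skipped.
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    steps:
      # This is not a security concern because we have approved & merged the PR.
      # Keep the default ref: a `ref:` pointing at the PR head would run code from
      # the contributor's branch with this workflow's token.
      # NOTE(review): v5 / v6 are mutable tags; pinning each action to a full commit
      # SHA would make the executed code independent of later tag moves.
      - uses: actions/checkout@v5
        with:
          # The script below receives its token through env, so the checkout does
          # not need to leave credentials in .git/config for later steps.
          persist-credentials: false
      - uses: actions/setup-node@v6
        with:
          node-version: 22
      - name: Handle feature requests
        run: node .github/actions/handle-feature-requests.js
        env:
          # Passed through env rather than interpolated into `run`, so these values
          # never become part of the shell command line.
          PR_NUMBER: ${{ github.event.pull_request.number }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}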