github-starred/actual
2
0
Fork 0
mirror of https://github.com/actualbudget/actual.git synced 2026-03-11 20:44:32 -05:00
Code Issues 250 Packages Projects Releases 53 Wiki Activity
Files
2ededcd854d2188e76e3103d07aeb50ca6d130fe
actual/.github/workflows/issues-feature-implemented.yml
Matt Fiddaman 155558ee62 drop support for node 20 (#5937) 
* node 24

* node types

* dockerfiles

* readme

* note
2025-10-18 23:58:27 +01:00

36 lines
1.5 KiB
YAML
Raw Blame History

name: Handle completed feature requests
##########################################################################################
# WARNING! This workflow uses the 'pull_request_target' event. That mans that it will #
# always run in the context of the main actualbudget/actual repo, even if the PR is from #
# a fork. This is necessary to get access to a GitHub token that can post a comment on #
# the PR. Be VERY CAREFUL about adding things to this workflow, since forks can inject #
# arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary #
# code execution in this workflow could lead to a compromise of the main repo. #
##########################################################################################
# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests #
##########################################################################################
on:
pull_request_target:
types: [closed]
permissions:
issues: write
jobs:
handle-feature-requests:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
# This is not a security concern because we have approved & merged the PR
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- name: Handle feature requests
run: node .github/actions/handle-feature-requests.js
env:
PR_NUMBER: ${{ github.event.pull_request.number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Reference in New Issue View Git Blame Copy Permalink