Devops 825 #102
Devops 825 #102
Conversation
…nfig file zizmor interprets zizmor.yml as its config file
There was a problem hiding this comment.
Pull Request Overview
This PR updates GitHub Actions workflows to improve JIRA integration security and restrict execution to the main repository. The changes transition from deprecated authentication methods and prevent workflows from running on repository forks.
Key changes:
- Switched from
pull_request_targettopull_requesttrigger for better security - Updated JIRA authentication from basic auth to API token-based authentication
- Added repository restrictions to prevent workflow execution on forks
Reviewed Changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/pr_add_jira_summary.yml | Updated trigger type, added fork restriction, and migrated to API token authentication |
| .github/workflows/issue_to_jira.yml | Added fork restriction to prevent execution on repository forks |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
|
||
| on: | ||
| pull_request_target: # zizmor: ignore[dangerous-triggers] | ||
| pull_request: |
There was a problem hiding this comment.
Changing from 'pull_request_target' to 'pull_request' may introduce security risks. The 'pull_request_target' trigger runs in the context of the target repository with access to secrets, while 'pull_request' runs in the context of the fork without secret access. If this workflow requires access to JIRA secrets, it will fail when triggered by pull requests from forks.
| pull_request: | |
| pull_request_target: |
|
will try again another PR from fork |
|
see #103 |
1 participant
No description provided.