TShock/.github/workflows/danger.yml
Lucas Nicodemus 8611742286 Switch to entirely new action for changelog check
Look, let's just be real here: GitHub needs to redo the entire
permission model for GitHub. There is no way to create a secure
combination of the following elements: post comment, edit comment, and
post status check.

If you want to be able to post comments, you have to authorize a token
or app to have full authority to do literally anything that the user can
do on a public repo. Full stop.

If you want to post a status check, you have to give the user write
access to the entire repo, which makes the first issue a problem.

You can't just explicitly make a token that says "only allow this user
to post and edit its own comments" and "allow this user to post status
checks" because write access on the repo implies authority over all
other issues/PRs opened by other people.

Now Cardinal's token is restricted to just status checks, and we're
using a different action.

Thanks a ton for the huge mess, GitHub.
2021-05-23 13:06:06 -07:00

22 lines
575 B
YAML

name: Danger
on:
  workflow_dispatch:
  pull_request:
    types: [synchronize, edited, opened, reopened]
jobs:
  build:
    name: Run changelog check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          submodules: 'recursive'
      - name: Changelog check
        uses: Zomzog/changelog-checker@564f4aa7a062e7498bd253f616569f02fb024c06
        with:
          fileName: CHANGELOG.md
          noChangelogLabel: Blocked
          checkNotification: Simple
        env:
          GITHUB_TOKEN: ${{ secrets.CARDINAL_PAT_CI_STATUS }}
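
An added example, not part of the TShock repository: a check that lists which steps of this workflow receive a secret and whether the action they run is pinned to a full commit SHA, since a tag such as `v2` can later be moved to different code. The function names are hypothetical, the steps are abridged from the file above, and the line-based parsing assumes every list item under `steps:` is one step.

```python
import re

# Steps abridged from this page's workflow; action refs and secret name are the page's.
STEPS = """\
    steps:
      - uses: actions/checkout@v2
        with:
          submodules: 'recursive'
      - name: Changelog check
        uses: Zomzog/changelog-checker@564f4aa7a062e7498bd253f616569f02fb024c06
        with:
          fileName: CHANGELOG.md
        env:
          GITHUB_TOKEN: ${{ secrets.CARDINAL_PAT_CI_STATUS }}
"""

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)")
SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
FULL_SHA = re.compile(r"[0-9a-f]{40}")


def audit_steps(text):
    """Return one record per step that has a `uses:` line."""
    steps, cur = [], None
    for line in text.splitlines():
        if re.match(r"^\s*-\s", line):  # a list item opens a new step
            cur = {"uses": None, "pinned": False, "secrets": []}
            steps.append(cur)
        if cur is None:
            continue
        m = USES.match(line)
        if m:
            cur["uses"] = m.group(1)
            ref = m.group(1).rpartition("@")[2]  # text after the last '@'
            cur["pinned"] = bool(FULL_SHA.fullmatch(ref))
        cur["secrets"] += SECRET.findall(line)
    return [s for s in steps if s["uses"]]


def risky_steps(text):
    """Steps that are handed a secret while running a movable action ref."""
    return [s["uses"] for s in audit_steps(text) if s["secrets"] and not s["pinned"]]


if __name__ == "__main__":
    for s in audit_steps(STEPS):
        print(s["uses"], "pinned" if s["pinned"] else "mutable ref", s["secrets"])
```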