themaster1970sf/TShock
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
TShock/.github
History
Lucas Nicodemus 613afc1d75 Use Cardinal for danger CI 
This change uses Cardinal's PAT for GitHub Actions CI. The way this
works is very convoluted, but it makes sense in theory.

1. Cardinal is a member of the Pryaxis org, in a group called "untrusted
   robots." She has write access to Pryaxis/TShock, so she can create
status messages. This is because GitHub only allows status messages to
be created if a user has write access.

2. Cardinal has a PAT, and that PAT only has access to creating
   repository status messages.

3. Danger requires permission to post comments and update CI status.

4. Cardinal's PAT is only authorized to create repo status messages, and
   cannot privilege escalate.

5. GitHub implicitly gives everyone the ability to post comments on
   public repositories.

Thus, this really interesting and weird flow should mean that Cardinal
can post comments and update status messages, by having write access but
functionally being unable to use it.

At least, that's the theory.
2021-05-23 12:23:08 -07:00
..
ISSUE_TEMPLATE Update defect report template 2020-05-24 20:46:54 -07:00
workflows Use Cardinal for danger CI 2021-05-23 12:23:08 -07:00
CODE_OF_CONDUCT.md Shuffle code of conduct a bit 2017-12-14 00:03:56 -07:00
config.yml Add changelog warning to maka comment 2020-06-06 20:37:01 -07:00
CONTRIBUTING.md Update contributing guidelines & issue template 2017-12-14 00:00:19 -07:00
FUNDING.yml Add recent collaborators to sponsors file 2021-05-22 11:16:41 -07:00
ISSUE_TEMPLATE.md Minor tweak to issue template 2017-12-14 00:04:21 -07:00
no-response.yml Add support for probot's noresponse bot 2018-05-05 01:10:50 -06:00
PULL_REQUEST_TEMPLATE.md Freshen the pull request template 2017-12-14 00:02:24 -07:00