update CI config for pull requests

see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Sebastian Stenzel 3 years ago
parent
commit
7f833d2567
2 changed files with 32 additions and 7 deletions
  1. .github/workflows/build.yml (6 additions, 7 deletions)
  2. .github/workflows/pullrequest.yml (26 additions, 0 deletions)

+ 6 - 7
.github/workflows/build.yml

@@ -2,6 +2,8 @@ name: Build
 
 on:
   push:
+  pull_request_target:
+    types: [labeled]
 
 env:
   JAVA_VERSION: 17
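
Review bot: `types: [labeled]` under `pull_request_target` fires when any label is added, and nothing at the job level checks which label it was, so the whole Build job starts in the base repository's context on every labeling event. The only check for `pr:safe` is the step-level `if` on the coverage upload further down in this file. Consider moving the label check into the job's `if`, for example `github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'pr:safe')`, so that unlabeled or differently labeled pull requests never start this job.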
@@ -17,19 +19,16 @@ jobs:
     if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v2
         with:
+          distribution: 'temurin'
           java-version: ${{ env.JAVA_VERSION }}
-      - uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          cache: 'maven'
       - name: Build and Test
         run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
       - name: Upload code coverage report
         id: codacyCoverageReporter
+        if: "contains(github.event.pull_request.labels.*.name, 'pr:safe')"
         run: bash <(curl -Ls https://coverage.codacy.com/get.sh)
         env:
           CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
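
Review bot: The new `if: "contains(github.event.pull_request.labels.*.name, 'pr:safe')"` on the coverage upload step is also evaluated on `push` runs, where `github.event.pull_request` does not exist, so the condition is false and coverage is no longer uploaded for pushes. If uploads on push should continue, allow them explicitly, for example `github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'pr:safe')`. Separately, `actions/checkout@v2` is used without a `ref`, and under `pull_request_target` that checks out the base branch: this keeps pull request code away from `CODACY_PROJECT_TOKEN`, but it also means the labeled run builds and reports coverage for the base code rather than for the pull request. A short comment in the workflow stating which of the two is intended would help the next maintainer.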

+ 26 - 0
.github/workflows/pullrequest.yml

@@ -0,0 +1,26 @@
+name: Pull Request
+
+on:
+  pull_request:
+
+env:
+  JAVA_VERSION: 17
+
+defaults:
+  run:
+    shell: bash
+
+jobs: 
+  test:
+    name: Compile and Test
+    runs-on: ubuntu-latest
+    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-java@v2
+        with:
+          distribution: 'temurin'
+          java-version: ${{ env.JAVA_VERSION }}
+          cache: 'maven'
+      - name: Build and Test
+        run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
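
Review bot: The job-level `if` tests `github.event.head_commit.message`, which is only present in `push` payloads; on `pull_request` events it is empty, so both `contains` checks are false and the `[ci skip]` / `[skip ci]` filter never takes effect in this workflow. Drop the condition, or test a field the pull request event does carry, such as `github.event.pull_request.title`. The file also sets no `permissions:` block; since this workflow builds code from forks, an explicit `permissions:` with `contents: read` would document that it needs nothing more. Minor: the `jobs: ` line has trailing whitespace.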