From 56f11963d217ef717e9b101f8af7fec30000925b Mon Sep 17 00:00:00 2001
From: Alice Dahan
Date: Fri, 10 Jan 2025 17:45:42 +0100
Subject: [PATCH] =?UTF-8?q?chore:=20active=20le=20d=C3=A9ploiement=20sur?=
 =?UTF-8?q?=20les=20PR=20de=20fork?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/deploy.yaml | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index dcd1b3737..2557445c3 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -1,9 +1,9 @@
 name: Déploiement
 on:
- pull_request:
+ pull_request_target:
 types: [opened, synchronize]
 push:
- branches: [master, demo, next]
+ branches: [master]
 # We display the release notes in the "news" section of mon-entreprise.urssaf.fr so
 # we want to re-deploy the site when a new release is published or edited on
@@ -142,7 +142,26 @@ jobs:
 matrix:
 site: ['', 'en']
 steps:
- - uses: actions/checkout@v3
+ # https://michaelheap.com/access-secrets-from-forks/
+ - name: Get User Permission
+ id: checkAccess
+ uses: actions-cool/check-user-permission@v2
+ with:
+ require: write
+ username: ${{ github.triggering_actor }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Check User Permission
+ if: steps.checkAccess.outputs.require-result == 'false'
+ run: |
+ echo "${{ github.triggering_actor }} does not have permissions on this repo."
+ echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
+ echo "Job originally triggered by ${{ github.actor }}"
+ exit 1
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }} # This is dangerous without the first access check
 - uses: actions/download-artifact@v3
 with:
 name: static-site
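Review bot: Switching the trigger to `pull_request_target` raises the trust level of every job in this workflow, not only the one that receives the permission check in the second hunk: on fork PRs they now all run in the base repository's context, with its secrets and token in scope. The other jobs are outside this diff, so it is worth confirming that none of them checks out or executes PR-head code without the same gate; presumably the job that produces the `static-site` artifact is the one to look at first, since with the default checkout it would now build the base branch rather than the PR. I would also add a top-level `permissions:` block restricted to what the deploy needs (for example `contents: read`) instead of leaving the token at the repository default.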
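Review bot: The gate in `Check User Permission` fails open: it stops the job only when `require-result` is exactly `'false'`, so an empty or unexpected output from the third-party action lets the checkout of `github.event.pull_request.head.sha` go ahead with secrets in scope. Invert the test to `if: steps.checkAccess.outputs.require-result != 'true'`. On the `Checkout code` step, add `persist-credentials: false` under `with:` so the token is not written into the git config of a working tree that holds fork code. `actions-cool/check-user-permission@v2` is a mutable tag on the action that makes the security decision, so pinning it to a full commit SHA would be safer. The job's header and its later steps lie outside the hunk.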