Skip to content

Receive Fork Review #3697

Receive Fork Review

Receive Fork Review #3697

# Description: This workflow verifies that the PR is from a fork and is approved.
#
# Triggered by: PR is reviewed
name: Receive Fork Review
on:
pull_request_review:
types: [submitted]
jobs:
fetch-commit:
# only run the workflow when PR is from a fork and when the PR is reviewed and approved, and is targeting `main`.
if: |
(github.event.pull_request.head.repo.full_name != github.repository) &&
(github.event.review.state == 'approved') &&
(github.event.pull_request.base.ref == 'main')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
# This is intended to pass commit id, base_sha, and pr number to run-e2e-on-fork workflow.
# Reference: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
- name: Save commit ID, base sha, and pull request number
run: |
mkdir -p ./commit
echo ${{ github.event.pull_request.base.sha }} > ./commit/base_sha
echo ${{ github.event.review.commit_id }} > ./commit/commit_id
echo ${{ github.event.pull_request.number }} > ./commit/pr_number
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 https://github.com/actions/upload-artifact/commit/0b7f8abb1508181956e8e162db84b466c27e18ce
with:
name: commit
path: commit/