From 721b86da09ff94624867049bba8a9edd89311e5d Mon Sep 17 00:00:00 2001 From: John Luo Date: Thu, 7 Dec 2023 18:12:38 -0500 Subject: [PATCH] Need to checkout repo to use composite actions --- .github/workflows/tugboat-pr-closed.yml | 11 +++++++++++ .github/workflows/tugboat-pr-opened.yml | 11 +++++++++++ .github/workflows/tugboat-pr-updated.yml | 11 +++++++++++ 3 files changed, 33 insertions(+) diff --git a/.github/workflows/tugboat-pr-closed.yml b/.github/workflows/tugboat-pr-closed.yml index a07ec9f18..80cf8869d 100644 --- a/.github/workflows/tugboat-pr-closed.yml +++ b/.github/workflows/tugboat-pr-closed.yml @@ -11,6 +11,17 @@ jobs: NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt name: Delete Tugboat Preview steps: + # The following checks out the code from the pull request. + # + # This is not normally secure or recommended. It is safe in this context, + # however, because we are not executing any code located within the PR + # branch or its commits, regardless of provenance. + # + # Do not execute any code located within the repository! + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} - name: Documentation Only PR Check uses: ./.github/actions/docs-only id: docs-only diff --git a/.github/workflows/tugboat-pr-opened.yml b/.github/workflows/tugboat-pr-opened.yml index 49d35d5b5..256c02b6e 100644 --- a/.github/workflows/tugboat-pr-opened.yml +++ b/.github/workflows/tugboat-pr-opened.yml @@ -12,6 +12,17 @@ jobs: NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt name: Create Tugboat Preview steps: + # The following checks out the code from the pull request. + # + # This is not normally secure or recommended. It is safe in this context, + # however, because we are not executing any code located within the PR + # branch or its commits, regardless of provenance. + # + # Do not execute any code located within the repository! + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} - name: Documentation Only PR Check uses: ./.github/actions/docs-only id: docs-only diff --git a/.github/workflows/tugboat-pr-updated.yml b/.github/workflows/tugboat-pr-updated.yml index d5bf1e1f0..a825a110b 100644 --- a/.github/workflows/tugboat-pr-updated.yml +++ b/.github/workflows/tugboat-pr-updated.yml @@ -11,6 +11,17 @@ jobs: NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt name: Rebuild Tugboat Preview steps: + # The following checks out the code from the pull request. + # + # This is not normally secure or recommended. It is safe in this context, + # however, because we are not executing any code located within the PR + # branch or its commits, regardless of provenance. + # + # Do not execute any code located within the repository! + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} - name: Documentation Only PR Check uses: ./.github/actions/docs-only id: docs-only