ongdisheng commented on issue #678:
URL: https://github.com/apache/fesod/issues/678#issuecomment-3566965858
Hi @delei, you're correct about the security issue with `pull_request` not
being able to access secrets from forks. The solution is to change
`pull_request` to `pull_request_target` in `preview-docs.yml`. This runs the
workflow in the base repository's context so it can access secrets. Since we're
only building static documentation and deploying to Netlify, it's safe to use
`pull_request_target` here. Would you like me to submit a separate PR for this
change, or would you prefer to test it first on an existing PR #707?
Changes that need to be made:
```yml
name: Preview Documentation
on:
- pull_request:
+ pull_request_target:
paths:
- 'website/**'
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
