π° Custom Issue
Reference: #6809
Require to investigate the insecure use of on: pull_request_target within the iris/.github/workflows/ci-template-check.yml GHA and consider alternatives.
β Also applies to workflows/.github/workflows/ci-template-check-pr.yml.
Ideally we should be using on: pull_request, however this may break the entire template workflow.
In the meantime, an explicit # zizmor: ignore[dangerous-triggers] exception has been added to ci-template-check.yml.
Also see https://docs.zizmor.sh/audits/#dangerous-triggers
π° Custom Issue
Reference: #6809
Require to investigate the insecure use of
on: pull_request_targetwithin theiris/.github/workflows/ci-template-check.ymlGHA and consider alternatives.β Also applies to
workflows/.github/workflows/ci-template-check-pr.yml.Ideally we should be using
on: pull_request, however this may break the entire template workflow.In the meantime, an explicit
# zizmor: ignore[dangerous-triggers]exception has been added toci-template-check.yml.Also see https://docs.zizmor.sh/audits/#dangerous-triggers