Changed pull_request_target to pull_request (#194)

arpit-jn · web-flow · commit c82732970662 · 2024-10-04T19:51:34.000+05:30
### Changes - Change pull_request_target to pull_request for better security. - Remove the authorize job from the list of jobs defined in that workflow. - Remove the dependency on authorize job for other jobs in that workflow by looking for the line needs: authorize. ### Checklist [ ] I have read the [Auth0 general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md) [ ] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md) [ ] All existing and new tests complete without errors
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -2,7 +2,7 @@ name: Semgrep
 
 on:
   merge_group:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -20,16 +20,7 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   check:
-    needs: authorize
-
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest
 
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -2,7 +2,7 @@ name: Snyk
 
 on:
   merge_group:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -26,16 +26,8 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   configure:
     name: Configure
-    needs: [authorize]
     runs-on: ubuntu-latest
 
     outputs:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -2,7 +2,7 @@ name: Build and Test
 
 on:
   merge_group:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -17,16 +17,8 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   configure:
     name: Configure
-    needs: [authorize]
     runs-on: ubuntu-latest
 
     outputs:
