by
neximo64
2229 days ago
Can't you create a GitHub Action in a commit that simply spits the secret out? Anyone know how to prevent this hack? Is there a way to have an open repo except for the actions folder?
jsmeaton
2229 days ago
You can prevent forks from running actions which guards against external parties.
Nothing to be done about internal parties except policies.
neximo64
2229 days ago
Policies, a verbal rule with your devs?
skybrian
2228 days ago
Mandatory code review would do it.
jsmeaton
2216 days ago
Not really, because people could change the action on their PR and have it run. Unless you've got a fork based workflow internally.
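An added example (not written by any of the commenters above) of the control that closes the gap jsmeaton points out: a workflow edited on a PR runs with whatever secrets the workflow can reach, so the defence is to keep the sensitive secret out of reach of unreviewed runs. Here the secret lives in a GitHub Actions environment with required reviewers, so only the job that references that environment can read it, and that job does not start until a reviewer approves it. The environment name `production`, the secret name `DEPLOY_TOKEN` and the scripts `run-tests.sh` and `deploy.sh` are assumptions for illustration.

```yaml
name: ci-and-deploy
on:
  pull_request:
  push:
    branches: [main]

jobs:
  # Runs on every pull request and push. It has no access to DEPLOY_TOKEN:
  # that secret is defined only in the "production" environment (assumed),
  # not as a repository-level secret, so a PR that rewrites this job cannot
  # read it, no matter what it echoes.
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./run-tests.sh   # hypothetical test script

  # Only this job references the environment, so only this job can read the
  # environment's secrets, and GitHub holds it until one of the environment's
  # required reviewers approves the run. A PR that edits this file to print
  # the secret still has to get past that approval first.
  deploy:
    needs: test
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    environment: production   # configured in repo settings with required reviewers
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh      # hypothetical deploy script
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
```

Two repository settings complete the picture. For external parties, the Actions setting that requires approval before workflows from forked pull requests run is what jsmeaton describes as preventing forks from running actions. For internal parties, a `CODEOWNERS` entry such as `/.github/workflows/ @org/release-reviewers` (the team name is assumed) together with branch protection that requires code-owner review means workflow changes cannot be merged without a second pair of eyes, which is skybrian's mandatory code review applied specifically to the actions folder.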