Y
Hacker News
new
|
ask
|
show
|
jobs
by
judge2020
1391 days ago
For the target repo, only on the pull_request event[0] would run; nothing is being `push`ed to the repo, so it doesn't allow something like pushing an actions script that exfiltrates secrets.
0:
https://docs.github.com/en/actions/using-workflows/events-th...