From 63ad54145aa02d0b5529426c279a28b0987d836f Mon Sep 17 00:00:00 2001 From: Katie Gengler Date: Mon, 23 Sep 2024 10:07:51 -0400 Subject: [PATCH] Update plan-release.yml to support labeling after merge --- .github/workflows/plan-release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/plan-release.yml b/.github/workflows/plan-release.yml index b3e84889..f76aa891 100644 --- a/.github/workflows/plan-release.yml +++ b/.github/workflows/plan-release.yml @@ -4,9 +4,10 @@ on: branches: - main - master - pull_request: + pull_request_target: # This workflow has permissions on the repo, do NOT run code from PRs in this workflow. See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ types: - labeled + - unlabeled concurrency: group: plan-release # only the latest one of these should ever be running @@ -41,7 +42,7 @@ jobs: explanation: ${{ steps.explanation.outputs.text }} # only run on push event if plan wasn't updated (don't create a release plan when we're releasing) # only run on labeled event if the PR has already been merged - if: (github.event_name == 'push' && needs.check-plan.outputs.command != 'release') || (github.event_name == 'pull_request' && github.event.pull_request.merged == true) + if: (github.event_name == 'push' && needs.check-plan.outputs.command != 'release') || (github.event_name == 'pull_request_target' && github.event.pull_request.merged == true) steps: - uses: actions/checkout@v4