feat: warn on non-default checkout during pull_request_target

Signed-off-by: Kengo TODA <skypencil@gmail.com>
Kengo TODA 2026-05-13 08:32:55 +08:00
parent 900f2210b1
commit 5a3004714a
No known key found for this signature in database
5 changed files with 149 additions and 2 deletions

@ -98,6 +98,14 @@ inputs:
github-server-url:
description: The base URL for the GitHub instance that you are trying to clone from, will use environment defaults to fetch from the same instance that the workflow is running from unless specified. Example URLs are https://github.com or https://my-ghes-server.example.com
required: false
dangerously-checkout-non-default-branch:
description: >
Suppress the warning when pull_request_target checks out a non-default
branch from the workflow repository. Only set this to true when you
understand the security risk of running untrusted pull request code in a
privileged context.
https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
default: false
outputs:
ref:
description: 'The branch, tag or SHA that was checked out'
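Review bot: the description of the new `dangerously-checkout-non-default-branch` input does not say what happens when it is left at its `default: false`; it only says that `true` suppresses the warning, so a reader of action.yml cannot tell whether the non-default checkout still proceeds under `pull_request_target` or the step fails. Since the commit title says the behaviour is to warn, suggest stating it explicitly, e.g. "When false (the default), the checkout still runs and a warning is logged." The name also reads as if it enables the non-default checkout, while the description says it only silences a warning; aligning the two (either in the wording or by naming the input after the warning it suppresses) would avoid users assuming the default blocks the checkout.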