forked from bitwarden/clients
-
Notifications
You must be signed in to change notification settings - Fork 0
44 lines (38 loc) · 1.19 KB
/
Copy pathbuild-browser-target.yml
File metadata and controls
44 lines (38 loc) · 1.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# This workflow is intended to be run when we need to build the client and produce artifacts that require secrets
# when the PR source branch does not have access to secrets (e.g. a fork).
# This workflow will run in the context of the target of the PR and have access to secrets.
# This should only be done after reviewing the PR to ensure that no malicious code has been introduced,
# as it could allow the code on the forked branch to have access to workflow secrets.
name: Build Browser on PR Target
on:
pull_request_target:
types: [opened, synchronize, reopened]
branches:
- main
paths:
- 'apps/browser/**'
- 'libs/**'
- '*'
- '!*.md'
- '!*.txt'
workflow_call:
inputs: {}
defaults:
run:
shell: bash
jobs:
check-run:
name: Check PR run
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
permissions:
contents: read
run-workflow:
name: Build Browser
needs: check-run
if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
uses: ./.github/workflows/build-browser.yml
secrets: inherit
permissions:
contents: write
pull-requests: write
id-token: write