EIPs icon indicating copy to clipboard operation
EIPs copied to clipboard

Published 20 hours ago verified publisher icon ethereum

GitHub actions don't run for first time contributors

Open SamWilsn opened this issue 3 years ago • 24 comments
trafficstars

Pull Request

https://github.com/ethereum/EIPs/pull/5164

What happened?

eipw and friends didn't run automatically for this PR since this is the authors first time contributing.

Relevant log output

No response

SamWilsn avatar Jul 22 '22 15:07 SamWilsn

This is due to ~~a branch protection rule~~ a setting. CC @MicahZoltu @lightclient

image

Pandapip1 avatar Jul 22 '22 19:07 Pandapip1

I don't think so. I think this is just the default for GitHub actions.

SamWilsn avatar Jul 22 '22 19:07 SamWilsn

Any idea what happens if a first-time-contributor submits a PR that touches a .workflow file, such as to print out secrets? While the number of second time editors to this repo is incredibly high, at least the current setup makes it a little harder to execute such an attack...

MicahZoltu avatar Jul 23 '22 03:07 MicahZoltu

We should probably limit the set of actions that can be run to protect against that attack vector more broadly, though I think there are actions that let you run arbitrary shell commands so I'm not sure that would help much.

MicahZoltu avatar Jul 23 '22 03:07 MicahZoltu

Needs reopening.

Pandapip1 avatar Jul 26 '22 18:07 Pandapip1

We should probably limit the set of actions that can be run to protect against that attack vector more broadly, though I think there are actions that let you run arbitrary shell commands so I'm not sure that would help much.

The prescience of this comment is alarming. 😬

MicahZoltu avatar Jul 27 '22 05:07 MicahZoltu

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

github-actions[bot] avatar Aug 31 '22 00:08 github-actions[bot]

Still an issue.

Pandapip1 avatar Aug 31 '22 15:08 Pandapip1

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

github-actions[bot] avatar Sep 08 '22 00:09 github-actions[bot]

Still an issue.

Pandapip1 avatar Sep 08 '22 01:09 Pandapip1

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

github-actions[bot] avatar Sep 19 '22 00:09 github-actions[bot]

Still an issue :|

Pandapip1 avatar Sep 19 '22 00:09 Pandapip1

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

github-actions[bot] avatar Sep 27 '22 00:09 github-actions[bot]

Still an issue

Pandapip1 avatar Sep 27 '22 12:09 Pandapip1

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

github-actions[bot] avatar Oct 06 '22 00:10 github-actions[bot]

Still an issue.

Pandapip1 avatar Oct 06 '22 11:10 Pandapip1

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

github-actions[bot] avatar Oct 15 '22 00:10 github-actions[bot]

Still an issue.

Pandapip1 avatar Oct 17 '22 13:10 Pandapip1

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

github-actions[bot] avatar Oct 25 '22 00:10 github-actions[bot]

Still an issue.

Pandapip1 avatar Oct 25 '22 13:10 Pandapip1

What do we need to do to resolve this?

lightclient avatar Nov 02 '22 13:11 lightclient

Unsure.

Pandapip1 avatar Nov 02 '22 13:11 Pandapip1

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

github-actions[bot] avatar Nov 10 '22 00:11 github-actions[bot]

Still an issue :|

Pandapip1 avatar Nov 11 '22 00:11 Pandapip1

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

github-actions[bot] avatar Nov 19 '22 00:11 github-actions[bot]

I think this is still an issue.

Pandapip1 avatar Nov 19 '22 03:11 Pandapip1

I actually haven't seen this happen recently, so I'll assume that something solved this.

Pandapip1 avatar Nov 21 '22 16:11 Pandapip1