Don't allow trusted publishing token exchange from GitHub Actions if the `event_name` is `pull_request_target`

Open di opened this issue 1 month ago • 0 comments

We started measuring this in #18887. If usage seems low to non-existent in a few weeks, we can likely just disable this; otherwise, we may want to have a deprecation period.

#18886 is a draft PR to implement this.

(h/t @steiza)

di, Oct 20 '25 15:10
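The measure-then-disable rollout described in the issue, sketched as an added example (this is not Warehouse's code and not taken from #18886 or #18887). It assumes the OIDC claims have already been signature-verified; the function names, reason strings, sample claim sets and the fail-closed handling of a missing `event_name` are assumptions of this example.

```python
from collections import Counter

# Event names whose token exchange should be refused once enforcement is on.
BLOCKED_EVENTS = frozenset({"pull_request_target"})


def evaluate_exchange(claims, enforce=False):
    """Decide one token exchange from already-verified GitHub OIDC claims.

    Returns (allowed, reason). With enforce=False (measurement phase) a
    blocked event is still allowed but tagged, so its usage can be counted.
    """
    event = claims.get("event_name")
    if not isinstance(event, str) or not event:
        # Assumption of this example: fail closed on a missing/malformed claim.
        return False, "missing_event_name"
    if event in BLOCKED_EVENTS:
        return (False, "blocked_event") if enforce else (True, "would_block")
    return True, "ok"


def usage_report(claim_sets, enforce=False):
    """Count outcomes and list the repositories that would be affected."""
    reasons = Counter()
    affected = set()
    for claims in claim_sets:
        _, reason = evaluate_exchange(claims, enforce)
        reasons[reason] += 1
        if reason in ("would_block", "blocked_event"):
            affected.add(claims.get("repository", "<unknown>"))
    return reasons, sorted(affected)


# Constructed sample claim sets (not real exchange data).
SAMPLE = [
    {"repository": "example-org/pkg-a", "event_name": "release"},
    {"repository": "example-org/pkg-b", "event_name": "pull_request_target"},
    {"repository": "example-org/pkg-a", "event_name": "push"},
    {"repository": "example-org/pkg-c", "event_name": "pull_request_target"},
    {"repository": "example-org/pkg-d"},  # claim absent
]

if __name__ == "__main__":
    reasons, affected = usage_report(SAMPLE)
    print(dict(reasons))
    print("affected repositories:", affected)
```

The list of affected repositories is what informs the choice between disabling outright and running a deprecation period.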