From 04f49056b0a9ae68436610f70a6786dfd3076588 Mon Sep 17 00:00:00 2001
From: "Hunter T."
Date: Wed, 27 Nov 2024 01:48:44 -0800
Subject: [PATCH] Add extra security via validating PR source branch

---
 .github/workflows/update-submodule-files.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/update-submodule-files.yml b/.github/workflows/update-submodule-files.yml
index c5aca5e..31b4c35 100644
--- a/.github/workflows/update-submodule-files.yml
+++ b/.github/workflows/update-submodule-files.yml
@@ -22,6 +22,13 @@ jobs:
 ref: ${{ github.event.pull_request.head.sha }}
 submodules: true

+ - name: Validate PR source branch
+ run: |
+ if [[ ${{ github.event.pull_request.head.repo.full_name }} != '${{ github.repository }}' ]]; then
+ echo "Untrusted repository detected! Exiting.";
+ exit 1;
+ fi
+
 - name: Import GPG key
 uses: crazy-max/ghaction-import-gpg@v6
 with:
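Review bot: The new "Validate PR source branch" step sits after the step that checks out `github.event.pull_request.head.sha` with `submodules: true`, so content from an untrusted fork has already been fetched into the workspace before the check can fail. Moving the check ahead of the checkout, or expressing it as a job-level condition such as `if: github.event.pull_request.head.repo.full_name == github.repository`, stops the job before anything from the PR is touched and takes the shell out of the decision. As written, the left operand `${{ github.event.pull_request.head.repo.full_name }}` is expanded into the script text unquoted; if the head repository is unavailable the expression presumably renders empty and the `[[` test becomes a syntax error, which fails closed only by accident. If the step is kept, pass both values through `env:` and compare them as quoted shell variables, e.g. `if [[ "$HEAD_REPO" != "$BASE_REPO" ]]; then`. The workflow trigger and the start of the job are outside the hunk, so whether this runs with secrets available to fork PRs cannot be confirmed from here.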