workflow_dispatch
security
#3688
Unanswered
thelovekesh
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
If a GitHub repository has a
workflow_dispatch
workflow, users can manually trigger it from any branch once the workflow is merged into the base branch.However, if a user with access creates a new branch, modifies the workflow, and then triggers it with modified changes, this could present a security risk, as workflow runner logs might be deleted.
Is it possible to restrict users to only running the workflow from the main branch? Or, alternatively, can we require approval before allowing the workflow to be triggered from any other branch?
Beta Was this translation helpful? Give feedback.
All reactions