{"author_name":"a666666","blog_title":"@kyanny's blog","categories":[],"published":"2022-01-02 18:06:36","url":"https://blog.kyanny.me/entry/2022/01/02/180636","blog_url":"https://blog.kyanny.me/","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fblog.kyanny.me%2Fentry%2F2022%2F01%2F02%2F180636\" title=\"The difference between on: pull_request and on: pull_request_target in GitHub Actions - @kyanny&#39;s blog\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","image_url":null,"version":"1.0","provider_url":"https://hatena.blog","provider_name":"Hatena Blog","title":"The difference between on: pull_request and on: pull_request_target in GitHub Actions","width":"100%","height":"190","author_url":"https://blog.hatena.ne.jp/a666666/","description":"They differ in the following points. Whether a fork is given Write permission to the repository Whether secrets can be read Which commit is checked out by default For details, see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ It is all rather complicated... Approving workflow runs from public forks - GitHub Docs Security hardening for GitHub Actions - GitHub Docs GitHub Act\u2026","type":"rich"}