[llvm] [workflows] Split pr-code-format into two parts to make it more secure (PR #78216)
Aiden Grossman via llvm-commits
llvm-commits at lists.llvm.org
Mon Jan 15 22:44:51 PST 2024
https://github.com/boomanaiden154 commented:
Some comments. Seems to work at least somewhat given the comment on this PR.
Also, is there a way to use the `pull_request_target` event but without any permissions? That would allow code formatting to still run even if there is a merge conflict and would help alleviate security concerns about untrusted JSON input into the second job.
https://github.com/llvm/llvm-project/pull/78216
More information about the llvm-commits
mailing list