Security: add specific file on git #239

Open
jeankev opened this issue Nov 23, 2023 · 2 comments

jeankev commented Nov 23, 2023

Hi, thank you for your very practical GitHub Action!

I saw in the code that you do a `git add .`.
This is dangerous for certain workflows, which could store "sensitive" files in previous steps that your action then adds, commits and pushes.

From my point of view, it would be cool to add only the changelog (depending on the name options chosen in the call to the GitHub Action)?

Or to propose a parameter to choose the files to commit yourself?

I don't know.

PS: a simple addition in the `.gitignore` could avoid this kind of error but it avoids errors

chelsea-codes commented Dec 19, 2023

I agree completely.

By default, I would expect the bare minimum files for versioning to be committed, and then use an override if you want to commit all with `git add .`. Or even better, choose the files to add, as was suggested by OP, so that files are added and committed with intention.

TriPSs (Owner) commented Dec 19, 2023

@chelsea-codes @jeankev a PR would be appreciated.
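
The concern raised in this thread, reproduced in a scratch repository as an added example (not part of the thread and not the action's own code). It contrasts `git add .` with staging only named files, and adds a guard that refuses to commit anything outside an allowlist. The file names (`package.json`, `CHANGELOG.md`, `.env.deploy`), the function names and the token value are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the action's code. Paths and the secret value are constructed.

# Scratch repo standing in for a workflow workspace: two tracked release
# files, then the edits a release step makes plus a file left by an earlier step.
make_workspace() {
  ws=$(mktemp -d) || return 1
  git -C "$ws" init -q
  git -C "$ws" config user.email "ci@example.invalid"
  git -C "$ws" config user.name "ci"
  echo '{"version":"1.0.0"}' > "$ws/package.json"
  echo '# Changelog' > "$ws/CHANGELOG.md"
  git -C "$ws" add -- package.json CHANGELOG.md
  git -C "$ws" commit -q -m "initial"
  echo '{"version":"1.1.0"}' > "$ws/package.json"
  echo '## 1.1.0' >> "$ws/CHANGELOG.md"
  echo 'TOKEN=constructed-not-a-real-secret' > "$ws/.env.deploy"
  echo "$ws"
}

# Paths in the index that differ from HEAD (what a commit would record).
staged_files() { git -C "$1" diff --cached --name-only; }

# Behaviour described in the issue: stage everything under the workspace root.
stage_all() { git -C "$1" add .; }

# Alternative suggested in the thread: stage only the paths the caller names.
stage_only() { repo=$1; shift; git -C "$repo" add -- "$@"; }

# Print staged paths that are NOT in the allowlist (empty output = nothing extra).
unexpected_staged() {
  repo=$1; shift
  allow=$(printf '%s\n' "$@")
  staged_files "$repo" | grep -Fxv -e "$allow" || true
}

# Pre-commit guard: fail the step instead of committing unlisted files.
guard_commit() {
  extra=$(unexpected_staged "$@")
  [ -z "$extra" ] && return 0
  echo "refusing to commit unlisted files: $extra" >&2
  return 1
}
```

Running `guard_commit "$repo" <allowed paths>` between the staging and commit steps also catches files that an earlier step had already staged, which `stage_only` alone does not.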
