Commit Graph

6 Commits

Author SHA1 Message Date
Alois Klink a1673d3aca ci(pr-labeler): replace TimonVS/pr-labeler-action
Replace the `TimonVS/pr-labeler-action` with
`release-drafter/release-drafter` as it has an [`autolabeler`][1]
option that can autolabel PRs for us.

This should fix labeling PRs from forks,
see https://github.com/TimonVS/pr-labeler-action/issues/25.

I've kept the `.github/pr-labeler.yml` configuration file, so that
links to it from the https://mermaid.js.org website continue to work.

I've also kept everything in the same
`.github/workflows/pr-labeler.yml` GitHub Actions workflow to make the
`git diff` easier to review, and to keep the GitHub Actions permissions
the same.

[1]: ff929b5ceb/README.md (autolabeler)
2023-09-24 19:18:56 +01:00
Alois Klink dc22189eef docs(ci/pr-labeler): warn about security issues
Using `pull_request_target` is pretty dangerous, since it heavily
increases the risk of malicious PRs getting access to the mermaid-js
repo.

What we're doing currently is safe, but we should add a warning
message just to ensure that we're very careful when we make changes.

See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2023-09-24 19:17:03 +01:00
Alois Klink b928e60d8b ci(pr-labeler): limit GITHUB_TOKEN permissions
Limit the `GITHUB_TOKEN` permissions for `TimonVS/pr-labeler-action`
to the minimum required permissions.
2023-09-24 19:16:38 +01:00
renovate[bot] 886d1c15c4 chore(deps): update timonvs/pr-labeler-action action to v4
2023-02-09 00:51:38 +00:00
Matthieu MOREL b9513c80eb chore(ci) : fix pr-labeler failure
Signed-off-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
2021-09-07 09:34:25 +02:00
Christian Klemm bbc4ede768 Added first workflows
2019-11-30 23:23:09 +01:00