mirror of
https://github.com/bitwarden/browser
synced 2025-12-06 00:13:28 +00:00
45 lines
1.2 KiB
YAML
45 lines
1.2 KiB
YAML
|
|
# This workflow is intended to be run when we need to build the client and produce artifacts that require secrets
|
|
# when the PR source branch does not have access to secrets (e.g. a fork).
|
|
# This workflow will run in the context of the target of the PR and have access to secrets.
|
|
# This should only be done after reviewing the PR to ensure that no malicious code has been introduced,
|
|
# as it could allow the code on the forked branch to have access to workflow secrets.
|
|
|
|
name: Build Desktop on PR Target
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [opened, synchronize, reopened]
|
|
branches:
|
|
- main
|
|
paths:
|
|
- 'apps/desktop/**'
|
|
- 'libs/**'
|
|
- '*'
|
|
- '!*.md'
|
|
- '!*.txt'
|
|
- '.github/workflows/build-desktop.yml'
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
check-run:
|
|
name: Check PR run
|
|
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
|
permissions:
|
|
contents: read
|
|
|
|
run-workflow:
|
|
name: Build Desktop
|
|
needs: check-run
|
|
if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
|
|
uses: ./.github/workflows/build-desktop.yml
|
|
secrets: inherit
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
id-token: write
|
|
|