Pull req should not expose env vars

earonesty · September 19, 2019, 2:15pm

Pull requests should use the head_branch for branch restrictions not the target branch.

For example: if i have a deployment env var restricted to master… every pull req to master shouldn’t be running with the secure deployment env vars. Only approved/merged stuff should run with those env vars.

I know that env vars on pull reqs are restricted to members only… but this is still an unexpected behavior that could compromise the intended security.

native-api · September 19, 2019, 3:01pm

Pull requests don’t have access to secure variables. So I cannot quite get what you want.

If you give an example of a build and what you expect to be different that would hopefully make it more clear.

Topic		Replies	Views
Restrict environment variables to specific branches Feature Requests feature-request , env-vars	1	1924	October 2, 2019
Environmental variables limited to certain branches don't work during deployment Deployment bug	0	1525	May 4, 2023
Allow external pull requests to use secret variables from the forked repo Feature Requests travis-build , secret-variables	5	2074	March 5, 2021
Possibility to hidde public environment variable from logs Feature Requests env-vars	2	1039	September 17, 2019
Pass the PR origin's Repository Settings alongside Github Pull Request Feature Requests	2	1055	March 5, 2021

Pull req should not expose env vars

Related Topics