Stats #173
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Stats | |
| on: | |
| # This workflow is separated from the test-and-build workflow and triggered by it via `workflow_run` | |
| # for security reasons. We need write access to pull-requests to comment on them. | |
| # If we had this in the main workflow, PRs from external contributors wouldn't have access to these secrets | |
| # (which is a good security measure). By using a separate workflow triggered by `workflow_run`, | |
| # we ensure the deployment steps always run in a trusted context with proper access to secrets. | |
| # It is a security good practice introduced in https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/ | |
| workflow_run: | |
| workflows: ["Test and Build"] | |
| types: | |
| - completed | |
| permissions: {} | |
| jobs: | |
| inform-package-stats: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/inform-package-stats |