block checking out fork pr for pull_request_target and workflow_run (#2454)

* block checking out fork pr for some events * address copilot and reviewer feedback * run prettier formatting * build * update urls * update readme * update description and url again * edit url one more time
2026-06-17 21:22:05 +08:00 · 2026-06-16 10:03:43 -04:00
parent df4cb1c069
commit f9e715a95f
10 changed files with 509 additions and 2 deletions
--- a/src/git-source-settings.ts
+++ b/src/git-source-settings.ts
@@ -118,4 +118,10 @@ export interface IGitSourceSettings {
   * User override on the GitHub Server/Host URL that hosts the repository to be cloned
   */
  githubServerUrl: string | undefined
+
+  /**
+   * Opt-in to allow checking out fork pull request code from a workflow
+   * triggered by pull_request_target or workflow_run.
+   */
+  allowUnsafePrCheckout: boolean
 }