mirror of
https://github.com/servo/servo
synced 2026-04-25 17:15:48 +02:00
ci: Secure book-sync secrets with environment (#43920)
We defined a github environment `book-sync` which contains the required secrets. After merging this PR we can remove the secrets from the per-repository secrets, which reduces the scope the secrets are available in, and has the added restriction of only being available on protected branches. Testing: Prior to this PR, the functionality was tested on the `environments` branch and discussed in the maintainers chat. After this PR is merged, a manual check should be done to ensure the book-export workflow still continues to work as expected. Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This commit is contained in:
Jonathan Schwender
committed by
GitHub
GitHub
parent
a683c03140
commit
06f6320609
3
.github/workflows/book-export.yml
vendored
3
.github/workflows/book-export.yml
vendored
@@ -9,6 +9,9 @@ jobs:
|
||||
# Run job only on servo/servo
|
||||
if: github.repository == 'servo/servo'
|
||||
runs-on: ubuntu-latest
|
||||
environment:
|
||||
name: book-sync
|
||||
deployment: false
|
||||
steps:
|
||||
- name: Check out Servo
|
||||
uses: actions/checkout@v6
|
||||
|
||||
Reference in New Issue
Block a user