@Félix I think our Danger scripts are not really working as there should have been some comments of the danger bot by now (e.g. the new contributors). Maybe the bot doesn't have the right scope to comment on pull requests?
15 Replies
Unknown User•13mo ago
Message Not Public
Weird i also don't understand what they are trying to achieve with this setup - if i have time tomorrow i will also have a look if i find a repo successfully using danger ...
Unknown User•13mo ago
Message Not Public
i was reading a very similar article at the same moment: https://nathandavison.com/blog/github-actions-and-the-threat-of-malicious-pull-requests 🙂
But isn't this possible for us - we use the danger file from the base repo and don't use checkout?
instead we use the github api via danger ?
Unknown User•13mo ago
Message Not Public
To my understanding yes or do we need to set the action explicitly to clone the twenty repo
Unknown User•13mo ago
Message Not Public
this would also be a possibility to not checkout anything but always the secure merged state
yes seems like it was merged ...
Unknown User•13mo ago
Message Not Public
Sounds like a good solution
I meant if we are not sure what the checkout action does we can configure it to always checkout the main branch on the main repository
Unknown User•13mo ago
Message Not Public
mhh i think we should use the markdown() function exported by danger for such general messages ...
but it works that's a great improvement to before 😉
Unknown User•13mo ago
Message Not Public