From f678a3a4572eaedd3beae360fb7a69d81754d0cf Mon Sep 17 00:00:00 2001
From: per1234
Date: Wed, 28 Apr 2021 21:29:26 -0700
Subject: [PATCH] Delete diff artifact after use in "Manage PRs" workflow

A workflow artifact is used to transfer the PR diff file from the `diff` job to the `parse` job. Once the artifact has been downloaded by the `parse` job, it no longer serves any purpose. It's possible the artifact might serve as a vector for exporting secrets from the workflow. Even though I don't have any specific reasons to believe it is possible to cause secrets to be written to the artifact and the repository doesn't currently have any secrets beyond `GITHUB_TOKEN`, nor need for any, it's still best to remove the unnecessary artifact.
---
 .github/workflows/manage-prs.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/manage-prs.yml b/.github/workflows/manage-prs.yml
index a17eecc0..8c4fe4c7 100644
--- a/.github/workflows/manage-prs.yml
+++ b/.github/workflows/manage-prs.yml
@@ -109,6 +109,11 @@ jobs:
 path: ${{ needs.diff.outputs.path }}
 name: ${{ needs.diff.outputs.artifact }}
 
+ - name: Remove no longer needed artifact
+ uses: geekyeggo/delete-artifact@v1
+ with:
+ name: ${{ needs.diff.outputs.artifact }}
+
 - name: Parse request
 id: parse-request
 run: |
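Review bot: The added step pulls a third-party action by a movable tag, `uses: geekyeggo/delete-artifact@v1`, so whoever controls that tag controls code that runs inside this job, which works against the commit's stated aim of closing a possible secrets-export path. Pinning to a full commit SHA keeps the dependency immutable: `uses: geekyeggo/delete-artifact@<full-commit-sha>  # v1` (placeholder; take the SHA from the release you reviewed). The step is also skipped when the preceding download step fails, leaving the artifact in place until its retention period ends; `if: always()` on this step would cover that case. The job's `permissions` block and the rest of the `Parse request` step lie outside the hunk, so the token scope available to the action cannot be checked from here.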