block checking out fork pr for pull_request_target and workflow_run (#2454)

* block checking out fork pr for some events * address copilot and reviewer feedback * run prettier formatting * build * update urls * update readme * update description and url again * edit url one more time
2026-06-17 00:01:17 +08:00 · 2026-06-16 10:03:43 -04:00
parent df4cb1c069
commit f9e715a95f
10 changed files with 509 additions and 2 deletions
--- a/test/input-helper.test.ts
+++ b/test/input-helper.test.ts
@@ -91,6 +91,7 @@ describe('input-helper tests', () => {
    expect(settings.repositoryOwner).toBe('some-owner')
    expect(settings.repositoryPath).toBe(gitHubWorkspace)
    expect(settings.setSafeDirectory).toBe(true)
+    expect(settings.allowUnsafePrCheckout).toBe(false)
  })

  it('qualifies ref', async () => {