User created pull request that ran miner from circle.yml - how can that be prevented?

schwamster · December 2, 2016, 7:07pm

Hi,

today i received a pull request from some user that abused my repository and circleci. the user replaced part of my circle.yml with code that started running a miner instead of the tests.

The build started automatically when the user created the pullrequest.

How can that be prevented? I suppose that i configured something wrong here…

thx,

Bastian

drazisil · December 16, 2016, 4:12am

This was a multi-part issue that we worked with GitHub support to triage and resolve. To prevent this from happening check your advanced settings for this project on CircleCI. There is an option to allow forked PR builds to run or not. It was on by default for OSS projects, but to prevent this you will want it to be off.

Topic		Replies	Views
Pull Requests builds use forked repo config file Feedback & Bug Reports circle-yml	2	778	July 24, 2018
Pull Request from forked repo's are not being tested Feedback & Bug Reports github	6	2676	June 18, 2018
Circle CI builds do not trigger on Pull Requests of some particular users Feedback & Bug Reports github	4	2241	November 26, 2019
Trigger PR build in organization after failing user build Integrations and Accounts	5	2080	July 4, 2020
Trigger a build from a pull request Build Environment	6	3675	June 18, 2018

User created pull request that ran miner from circle.yml - how can that be prevented?

Related Topics