User created pull request that ran miner from circle.yml - how can that be prevented?



Today I received a pull request from some user that abused my repository and CircleCI. The user replaced part of my circle.yml with code that started running a miner instead of the tests.

The build started automatically when the user created the pull request.

How can that be prevented? I suppose that I configured something wrong here…




This was a multi-part issue that we worked with GitHub support to triage and resolve. To prevent this from happening, check your advanced settings for this project on CircleCI. There is an option to allow forked PR builds to run or not. It was on by default for OSS projects, but to prevent this you will want it to be off.