message no. 174824
Posted by Gandalf84 in #github at 2019-09-30T23:07:48Z
Hi, I'm start using github actions, but I have some concerns about security. If anybody with write access to the repo can create a workflow yaml file, in any branch, having the secrets shared among the branches, how can I prevent any developer to create his own workflow yaml file and trigger any deployment (having the secrets already in place)?