From 9b966afc919aa32cba509a22787d6039336a52a6 Mon Sep 17 00:00:00 2001 From: Tamcodes4 Date: Sat, 27 Jun 2026 14:20:54 +0530 Subject: [PATCH] fix: pass reaction-token to slash-command-dispatch and clean up workflow comments --- .github/workflows/format-command.yml | 7 +------ .github/workflows/slash-command-dispatch.yml | 5 +---- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/format-command.yml b/.github/workflows/format-command.yml index 97eec769..30d68391 100644 --- a/.github/workflows/format-command.yml +++ b/.github/workflows/format-command.yml @@ -1,10 +1,5 @@ name: format-command -# This workflow no longer triggers on issue_comment directly. It only runs -# after .github/workflows/slash-command-dispatch.yml has verified that the -# commenter has write access to the repository and created a -# "format-command" repository_dispatch event. This removes the unauthenticated -# pwn-request path: untrusted commenters never reach this job. on: repository_dispatch: types: [format-command] @@ -48,7 +43,7 @@ jobs: issue_number: context.payload.client_payload.github.payload.issue.number, owner: context.repo.owner, repo: context.repo.repo, - body: "I have successfully run Prettier and pushed the formatting fixes to this PR.\n\n**Note for Contributors:** Because this commit was pushed by a bot, GitHub will not automatically re-run the CI checks. To trigger them to pass, you must either:\n- Push an empty commit locally (`git commit --allow-empty -m \"Trigger builds\"` and push)\n- Close and immediately reopen this Pull Request." + body: "I have successfully run Prettier and pushed the formatting fixes to this PR.\n\n**Note:** Since this commit was pushed by a bot, GitHub will not automatically re-run the CI checks. To trigger them, either:\n- Push an empty commit (`git commit --allow-empty -m \"Trigger builds\"` and push)\n- Close and immediately reopen this Pull Request." }) - name: Post failure comment diff --git a/.github/workflows/slash-command-dispatch.yml b/.github/workflows/slash-command-dispatch.yml index d8722fca..41becb2c 100644 --- a/.github/workflows/slash-command-dispatch.yml +++ b/.github/workflows/slash-command-dispatch.yml @@ -8,14 +8,11 @@ jobs: slashCommandDispatch: runs-on: ubuntu-latest steps: - # peter-evans/slash-command-dispatch checks the commenter's repository - # permission (default: "write") BEFORE any dispatch event is created. - # No PR/fork code is checked out in this job, so untrusted commenters - # can never reach a step that holds write-scoped credentials. - name: Slash Command Dispatch uses: peter-evans/slash-command-dispatch@v5 with: token: ${{ secrets.PAT }} + reaction-token: ${{ secrets.PAT }} commands: format permission: write issue-type: pull-request