[PM -20329] browser auth approval client api service #3929
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is intended to be run when we need to build the client and produce artifacts that require secrets | |
| # when the PR source branch does not have access to secrets (e.g. a fork). | |
| # This workflow will run in the context of the target of the PR and have access to secrets. | |
| # This should only be done after reviewing the PR to ensure that no malicious code has been introduced, | |
| # as it could allow the code on the forked branch to have access to workflow secrets. | |
| name: Build CLI on PR Target | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize, reopened] | |
| branches: | |
| - main | |
| paths: | |
| - 'apps/cli/**' | |
| - 'libs/**' | |
| - '*' | |
| - '!*.md' | |
| - '!*.txt' | |
| - '.github/workflows/build-cli.yml' | |
| - 'bitwarden_license/bit-cli/**' | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| check-run: | |
| name: Check PR run | |
| uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main | |
| run-workflow: | |
| name: Build CLI | |
| needs: check-run | |
| if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} | |
| uses: ./.github/workflows/build-cli.yml | |
| secrets: inherit | |