schcamille · schcamille · Jul 15, 2025 · Jul 16, 2025
diff --git a/.github/workflows/vulnerable.yml b/.github/workflows/vulnerable.yml
@@ -0,0 +1,23 @@
+on: pull_request_target
+
+jobs:
+  build:
+    name: Build and test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - uses: actions/setup-node@v1
+      - run: |
+          npm install
+          npm build
+      - uses: completely/fakeaction@v2
+        with:
+          arg1: ${{ secrets.supersecret }}
+
+      - uses: fakerepo/comment-on-pr@v1
+        with:
+          message: |
+            Thank you!
@@ -1,3 +1,6 @@
+permissions:
+  contents: read
+  pull-requests: write
 on: pull_request_target
 jobs:
@@ -1,3 +1,6 @@
+permissions:
+  contents: read
+  pull-requests: write
 on: pull_request_target

 jobs: