ci: disable auto merge default to prevent secret leak on malicios pr

abose · abose · commit 497df56d7d06 · 2023-02-16T12:14:51.000+05:30
diff --git a/.github/workflows/js/setupRepository.cjs b/.github/workflows/js/setupRepository.cjs
@@ -49,7 +49,8 @@ function _setupRepoComment(){
 Setup your repository default settings. Goto this url https://github.com/${org}/${repoName}/settings
 
 - [ ] In \`Settings> General> Pull Requests\` uncheck/disable \`Allow merge commits \`
-- [ ] In \`Settings> General> Pull Requests\` check/enable \`Allow auto-merge \` and \`Automatically delete head branches \`
+- [ ] In \`Settings> General> Pull Requests\` uncheck/disable \`Allow auto-merge \`. This is to prevent GitHub secrets leak after malicious pull request auto merges.
+- [ ] In \`Settings> General> Pull Requests\` check/enable \`Automatically delete head branches \`
 - [ ] Delete the file \`.github/workflows/setup_repository.yml\ and \`.github/workflows/js/setupRepository.cjs\`
 `;
 }

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,8 @@ function _setupRepoComment(){`
`49`	`49`	`Setup your repository default settings. Goto this url https://github.com/${org}/${repoName}/settings`
`50`	`50`
`51`	`51`	- [ ] In \`Settings> General> Pull Requests\` uncheck/disable \`Allow merge commits \`
`52`		-- [ ] In \`Settings> General> Pull Requests\` check/enable \`Allow auto-merge \` and \`Automatically delete head branches \`
	`52`	+- [ ] In \`Settings> General> Pull Requests\` uncheck/disable \`Allow auto-merge \`. This is to prevent GitHub secrets leak after malicious pull request auto merges.
	`53`	+- [ ] In \`Settings> General> Pull Requests\` check/enable \`Automatically delete head branches \`
`53`	`54`	- [ ] Delete the file \`.github/workflows/setup_repository.yml\ and \`.github/workflows/js/setupRepository.cjs\`
`54`	`55`	`;
`55`	`56`	`}`