peter-evans/create-pull-request has an input named push-to-fork which allows pushing PR branches to a fork and creating the PR to the parent repository from the fork. This allows following the
principle of least privilege by using a dedicated user acting as a machine account ... [that] ... only has read access to the main repository.
In light of all of the recent supply-chain hacks, I think enabling pushing PR branches to forks is a good feature for update-flack-lock so that repo-owners can lock down their repos and prevent issuing PATs to their bot accounts with write permissions on the main repository.
peter-evans/create-pull-requesthas an input namedpush-to-forkwhich allows pushing PR branches to a fork and creating the PR to the parent repository from the fork. This allows following theIn light of all of the recent supply-chain hacks, I think enabling pushing PR branches to forks is a good feature for update-flack-lock so that repo-owners can lock down their repos and prevent issuing PATs to their bot accounts with write permissions on the main repository.