►
Description
GitHub Actions and Pull Requests with Bdougie
#30minutestomerge
A quick tour of specific GitHub Actions triggers and their use, plus a deep dive into GitHub Actions that run on Pull Requests from forks.
As always, feel free to leave us a comment below and don't forget to subscribe: http://bit.ly/subgithub
Thanks!
Connect with us.
Facebook: http://fb.com/github
Twitter: http://twitter.com/github
LinkedIn: http://linkedin.com/company/github
About GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Millions of people use GitHub to build amazing things together. For more info, go to http://github.com
A
What
is
going
on
we're
live
hello
and
welcome
to
30
minutes
to
merge.
You
might
have
missed
us.
Last
month
we
were
super
slammed
working
on
some
really
awesome
things
at
github
and
time
just
kind
of
slipped
by
us
if
you're
new
to
the
stream
welcome
and
if
you
are
a
returning
visitor.
It's
also
good
to
see
you
so
good
morning,
good
evening,
maybe
good
afternoon,
depending
on
where
you're
at
so
today.
A
I
have
the
pleasure
of
introducing
bw,
aka
brian
and
he's
gonna,
be
walking
us
through
some
github
action
stuff
with
pull
requests.
So
he's
gonna
show
us
that
stuff,
but
before
he
jumps
into
that,
I
just
want
to
give
you
a
brief
introduction
to
the
myth
and
the
legend
that
is
b
dougie.
A
So,
as
always,
I
have
a
couple
of
questions
that
I
normally
ask
my
guests
and
so
first
and
foremost,
bw
just
jumped
into
gardening
as
his
newest
hobby,
and
he's
really
messing
around
with
trees,
which
I
think
is
horticulture
could
be
wrong
and
he's
really
into
lemon
apricot
and
plum
trees.
He
currently
doesn't
have
any
pets,
so
maybe
chat
can
give
him
some
suggestions
as
to
what
kind
of
pets
he
should
be
scooping
up.
A
I
always
like
to
ask
people
what
they
bought
recently,
because
I
think
that
that
gives
us
an
idea
of
like
we
are
still
human
and
he
picked
up
a
garbage
can
shows
up
friday.
He's
super
excited
about
it.
B.
Dougie
is
involved
in
open
source,
and
I
asked
if
he
had
any
open
source
projects
that
he
wanted
to
shout
out,
and
he
did
so.
It's
team
tao
and
the
tao,
repo
and
I'll
throw
that
in
chat.
A
So
you've
got
a
link,
so
you
can
see
how
awesome
it
is
to
interact
with
twitch
apis
when
you're
using
an
open
source
repo
with
it
and
then.
Finally,
I
asked
him
if
he
had
like
an
idea
for
like
a
fun,
github
action
and
he
said
that
it
already
exists,
but
it's
environment
orchestration
some.
A
It
involves
creating
staging
areas
and
then
commissioning
the
staging
area
once
the
pr
is
merged
and
with
that
I'm
gonna,
let
brian
or
bw
take
it
away
thanks
again
for
coming
and
have
a
good
one.
B
Yeah
thanks
so
much
for
that
introduction
as
well,
and
I
realized
I'm
not
sharing
my
screen
either.
I
think
that
would
help,
but.
A
B
About
that
trash,
can
I
just
recently
moved
into
a
new
place
and
I've
hated
my
trashcan
for
years?
For
the
reason
it's
like
one
of
those
ikea
trash
cans
and
anybody's
bought
a
trash
can
from
ikea
the
generic
one.
The
bags
don't
fit
in
there
so
number
one
user
experience
you
got
to
make
sure
the
bag
fits
on
a
trash
can
so
I
did
some
exploring.
B
This
seems
like
a
really
random
thing,
but
if
you
know
me,
I'm
pretty
random
did
some
exploring
and
wanted
to
get
like
the
hand
wavy
trash
can
that
opens
up.
That
was
like
too
intense,
so
I
went
with
the
the
tried
and
true
put
your
foot
on
the
trash.
Can
open
up
bag
fits
it's
all
good.
B
I
can't
wait
to
start
using
that
all
right,
so
I'm
actually
going
to
talk
about
github
actions
and
specifically
get
up
actions
and
pull
requests
and
there's
a
couple
things
that
we
can
probably
do
as
you
all
are,
are
watching
me
go
through
this
and
one
say
hello
in
the
chat.
So
if
you
are
watching
this,
this
emoji
is
probably
a
great
just
drop
an
emoji.
If
you
you're
here,
maybe
you
just
don't
want
to
type
in
words,
but
something
I've
been
doing
using
a
lot
is
github
actions.
B
This
is
a
project
that
I've
been
working
on
for
a
couple
years
now
called
open,
sauce
and
open
sauce.
It's
a
project
to
find
your
next
open
source
project.
It's
actually
how
I
discovered
team
tao,
because
what
I
do
is
I
live
stream,
a
ton
about
open
source,
and
I
wanted
to
walk
through
a
couple
of
the
actions
I
have
currently,
and
I
think
this
would
kind
of
give
us
a
sort
of
an
understanding
of
like
what
you
can
do
when
pull
requests
open
to
kind
of
help.
B
The
maintenance
of
your
repository
so
like
one
that
I'll
mention
real
quick
is
codeql.
You
have
access
to
this
today,
codeqo.
It
looks
at
all
your
for
this
example
javascript
code
and
it's
gonna
identify
if
there's
any
sort
of
security
vulnerabilities
in
the
code
or
so
my
best
practices,
and
I
just
want
to
point
out
that
this
runs
on
a
couple
different,
workflow
events.
B
So
when
I
talk
about
running
on
pull
request,
this
is
running
on
push
so
anything
pushed
to
the
main
branch
as
well
as
anything
pushed
to
the
following
branches,
as
a
pull
request
will
also
be
this
will
be
leveraged,
and
then
I
also
in
addition
to
this
I've
got
a
cron
job
that
runs
this
automatically
every
56
minute
of
the
fifth
hour
and
the
day
in
the
month.
B
I'm
not
really
great
at
doing
the
whole
kron
conversion,
you
go
to
chrome
crontab.guru,
to
figure
out
what
that
means,
but
yeah.
This
is
I'm
not
gonna
break
down
this,
in
particular
github
workflow,
this
github
action
workflow,
but
that's
like
the
sort
of
introductory
basics.
B
So,
hopefully,
actually
it
says
we
have
people
just
popping
in
the
chat
thumbs
up
thumbs
down
yes
or
no,
if
you,
if
you're
using
github
actions
or
if
I
need
to
break
down
this
even
further,
because
I
do
want
to
quickly
start
interacting
with
some
get
out
get
of
actions
as
well,
but
yeah
this
github
actions.
Actually,
let
me
zoom
back
out
get
up.
B
Actions
is
a
way
to
add
automation
to
your
workflow,
so
ci
cd
is
something
that
folks
are,
can
really
hyper
focus
on
with
github
actions,
but
other
things
that
I
like
to
do
with
github
actions.
Is
I
like
to
have
an
action
to
have
folks
assign
themselves
to
a
repo.
So
here
I've
got
a
github
action
that
points
to
a
github
repo
and
it
points
to
the
main
branch
and
then
from
there
I'm
leveraging
the
github
token
provided,
and
it's
going
to
write
a
little
message.
B
It's
going
to
one
you're
going
to
assign
yourself
to
an
issue,
but
two
it's
going
to
provide
a
message
of
hey
thanks
so
much
for
assigning
yourself
to
an
issue.
We
appreciate
your
hard
work
and
I
can
even
show
that
in
action
as
well.
So
if
let's
see
if
I
do
take
here,
vortex
is
actually
going
to
take
this
one,
but
at
vortex,
if
you're
watching.
B
I
will
unassign
myself
from
this,
because
he's
probably
going
to
wonder
why
am
I
assigning
the
issue
when
I
literally
just
said
I
was
going
to
take
it
and
that's
exactly
what
he's
saying
right
here.
So
what
happens
here
is
that
this
action
gets
triggered.
It
looks
like
I
got
a
notification
so
that
message
that
I
also
mentioned
this
is
getting
triggered
on
a
github
issue
or
sorry,
a
github
cop
issue
comment.
B
So
I'm
gonna
delete
this
and
I'm
gonna
unassign
this
because
perhaps
vortex
you
might
be
sleeping
right
now.
Hopefully
you
are
otherwise
you're
kind
of
you're,
probably
gonna.
Look
all
these
notifications
be
like
what
are
you
doing,
but
for
the
sake
of
me,
just
sort
of
explaining
this.
This
is
what's
happening
here.
Let
me
go
back
to
the
to
the
workflow
and
I
do
wanna
point
out
that
this
only
gets
triggered
on
issue
comments,
so
you
saw
me
get
a
sign.
B
You
saw
me
unassigned
myself,
you
saw
me
also
create
a
a
little
whenever
it's
created
or
if
I
edit
the
issue
it
will
run
again
and
it's
specifically
looking
for
this
repo.
So
that's
the
basic,
a
good
of
action,
then
what's
really
cool
about
this
is
I
can
create
actions
and
have
them
live
inside
of
a
repository
like
this.
So
I've
got
my.
This
is
a
little
more
complicated,
but
I've
got
some
bash
here
and
what's
happening
here.
Is
it's
looking
for
that
dot
take
and
it's
gonna
sign.
B
B
Actually,
I'm
going
to
talk
about
one
real,
quick
and
the
action
that
I
want
to
talk
about
is
this
action
called
semantic
pull
request,
and
this
is
an
action
that
runs
to
actually
look
to
see.
If
you
create
a
pr
in
a
project,
will
this
project
it
will
fail.
If
you
don't
have
semantic,
if
you
don't
well,
okay,
so
samantha
pr,
it's
basically
what
it
does.
It
has
these
different
feet,
just
flags
so
like.
If
this
is
a
feature,
we
don't
look
at
siri
or
if
we
have
a
fix.
B
It's
gonna
append
this
to
the
commit
message
when
I
actually
squash
and
merge
this-
and
it's
actually
looking
for
this.
So
if
I
go
to
put
fix
what's
going
to
happen
here,
it's
going
to
actually
rerun
this
action
and
we'll
see
it
get
rerun
here.
It's
going
gonna
be
running
on
again
running
on
pull
request,
which
works
perfectly
fine,
but
there's
gonna
be
some
issues
with
this
and
I'll
show
this
once
this
actually
passes.
The
other
thing
I
wanna
show
off
too
as
well.
B
The
action
logs
is
a
great
place
to
sort
of
see
what's
happening
here.
You
can
see
that
there's
an
environment
that
gets
spun
up.
You
can
see
that
the
in
the
log
we're
using
a
github
token
and
the
github
tokens
itself
is
actually
being
obfuscated,
which
is
a
good
thing
to
do
like
downfield.
B
You
do
not
want
to
log
your
your
tokens
into
into
any
sort
of
log,
or
anything
like
that.
So
github
does
a
great
job
on
that,
but
what
I'm
getting
at
here
is
now.
We've
got
the
semantic
pr
title
here
and
we
are
good
to
go
so
this
is
actually
it
is
passing,
and
I'm
very
excited
about
this.
I
did
some
prep
work
before
getting
jumping
on
this
call,
and
I
realized
that
this
is
not
gonna
work
on
pr,
so
I'm
going
to
delete
that
action
in
the
future.
B
So
apologies
on
seeing
that.
Well,
let's
close
that
pr,
because
there's
some
issues
with
this
workflow
and
currently
the
way
it
stands
and
the
only
way
I
can
show
this
issue
is
by
one
creating
a
pr
from
a
fork
and
that's
something
that
comes
up
a
lot
in
the
community
forums
around
questions
around
using
actions
on
why
this
doesn't
work.
Or
how
can
I
get
other
folks
who
contributed
to
my
project?
B
Have
access
to
my
actions
and
before
I
jump
to
that,
I
do
want
to
I've
jumped
through
a
couple
different
repos
and
mainly
because,
if
I
do
another
pr
on
open
source
without
warning,
my
my
co-contributors
will
be
very
questionable
and
one
want
to
know.
Why
did
we
not
warm?
Why
did
I
not
warm
them
before
I
started
making
a
mess,
the
repo,
so
I've
migrated
to
this
other
repository,
which
is
bw
slap
mouthpiece.
As
you
can
see,
I
do
love
talking.
B
I've
almost
been
talking
for
maybe
five
minutes
straight
without
even
stopping
it's
one
of
my
skill
sets
and
okay.
Well,
I
guess
I
don't
know
if
I'm
supposed
to
be
answering
questions,
but
let
me
just
go
keep
going,
and
so
this
is
a
basically
because
I
live
stream
on
twitch.
B
I
have
a
couple
extra
twitch
commands
that
that
I
that's
help
support
what
I'm
doing
so,
if
I
type
in
special
commands
in
the
mouthpiece,
it's
gonna
return
different
little
commands
like
let's
say
if
I
do
exclamation
point
test,
it's
gonna
reply
with
just
test
in
the
in
the
chat.
I
probably
don't
have
to
go
into
crazy
detail
about
how
this
works.
B
But
if
I
do
like
exclamation
point
discord
in
the
twitch
chat,
it
will
reply
back
the
discord
link,
so
it's
very
trivial
javascript
code
and
there's
not
really
a
reason
for
me
to
explain
this
other
than
the
fact
that
I'm
just
sort
of
flexing
code
that
I
wrote
three
months
ago.
B
But
what
I
wanted
to
show
off
is
what
happens
if
I
go
ahead
and
fork
this
repo
and
then
create
a
pr
based
on
me.
Not
actually
being
me,
so
I
have
a
second
account.
It's
it's
called
not
be
duggy,
and
I
just
also
want
to
double
check
to
see
yep
we're
good
all
right.
So
I
have
this
other
account
called
not
be
duggy,
it's
in
a
whole
nother,
dark
mode.
You
can
see
how
it's
darker
over
here.
You
can
also
see
that
my
name
over
here
is
not
be
dougie.
B
So,
like
there's,
nothing
up
my
sleeve
and
what
I'm
gonna
do
is
actually
fork
this
repo,
and
what
I
want
to
point
out
is
the
fact
that
if
I
run
this
github
action,
a
couple
things
are
gonna
happen,
because
I'm
running
this
on
pull
request,
which
I
also
want
to
point
this
out
as
well.
B
So
if
we
go
here,
we
can
also
see
it's
running
on
pull
request
and
it's
running
on
these
different
branches.
We
probably
can
get
rid
of
some
of
that
stuff
too,
as
well.
There's
a
couple
things
that
that
can
be
questionable
about
this.
I
can
open
up
a
pr,
and
I
can
run
this.
I
can
edit
this
yellow
file,
but
this
won't
actually
run
any
actions
and
that's
mainly
as
a
security
feature
and
I'll
get
into
that
in
a
second.
B
I
might
be
jumping
ahead
of
myself
so
instead
of
editing
that,
let
me
just
go
ahead
and
add
some
context
into
readme,
something
benign
so
that
way
we
can
just
get
a
some
sort
of
change,
so
we'll
just
type
in
something
that
a
awesome
contributor
would
put
would
be
not
not
b
dougie
was
here.
This
is
probably
not
the
best
contribution
feel
free
to
open
up
contributions.
Do
you
feel
like
it?
B
I
just
really
stuff
in
action,
but
I
don't
think
these
are
understood.
Okay.
So
if
I
create
this
pull
request,
I
definitely
should
ask.
I
don't
know
if
I'm
supposed
to
be
interacting
with
chat,
but
I'm
gonna
read
the
chat
questions.
If
you
all
have
questions,
I
can
answer
questions
so
feel
free
to
throw
them
at
me.
The
one
thing
I
did
want
to
point
out
is
the
fact
that
I
opened
this
pr.
B
I
created
a
benign
change,
which
is
simply
this
little
readme
comment,
and
the
one
thing
I
wanted
to
point
out
is
that
there
are
no
actions
running
so
despite
the
fact
that
well,
this
is
my
fork,
so
in
my
fork
automatically
I
have
to
actually
enable
actions
to
be
able
to
run,
and
this
is
also
another
security
feature
that
you
don't
want
to
fork
a
repo
and
have
some
actions
run
automatically
without
you
even
knowing.
B
But
the
other
thing
I
want
to
point
out
is
that,
on
my
the
upstream
so
remember,
this
is
a
different
light,
lighter
version
of
dark
mode.
We
have
a
pr
by
not
be
dougie,
and
it's
not
listed
here
at
all,
so
that
can
be
very
confusing
when
you
first
open
up
pr
and
maybe
you're
expecting
or
if
you
weren't
expecting
folks
to
if
you
were
expecting
people
to
update
your
your
project
and
do
a
fork.
It
looks
like
your.
Your
actions
are
not
running
and
it
can
be
quite
confusing.
B
So
in
the
settings
inside
actions
we're
going
to
go
into
actions
there
we
go
and
we
can
do
a
couple
different
things.
We
can
do.
One
allow
all
actions
which
I
think
is
on
by
default,
and
then
we
have
this
other
thing,
which
is
around
fork,
pull
request
so
with
fork
pull
request
we
need
to
actually
we
need
the
ability
to
actually
have
this
run
unfortunate,
but
I'm
gonna
keep
this
tab
open
for
a
sec,
because
this
is
not
where
our
answer
lies.
B
Where
our
answer
lies
is
actually
the
fact
that
pull
request
will
not
run
if
we
are
leveraging.
B
B
We
have
to
use
a
different
event
so
for
me
to
explain
this:
I'm
going
to
open
up
the
docs
and
I'm
going
to
look
for
pull
request
target
it's
going
to
be
a
different
event
and
because
I
only
have
30
minutes
to
talk
about
this,
I'm
just
jumping
directly
to
the
answer,
as
opposed
to
sort
of
playing
around
with
the
with
your
emotions
and
you're,
trying
to
guess
in
the
chat
but
there's
an
event
called
pork
pull
request
target
and
for
pull
request
target.
What
this
does.
B
It
allows
you
to
run
github
actions
on
forks,
but
not
only
does
it
let
you
allow
to
run
github
actions
and
forks.
It
allows
you
to
use
github
actions
that
also
leverage
a
token.
So
the
one
thing
I
didn't
mention
as
well-
and
I
didn't
mention-
but
also
I
need
to
keep
myself
honest.
B
Yes,
so
because
I'm
using
this
github
token
right
here.
This
github
token
is
my
github
token.
It's
the
github
token
for
the
organization
or
the
sort
of
maintainer
or
the
repo,
the
owner
of
the
repo.
Now
this
will
run
because
I
have
access.
I
have
commit
and
write
access
to
commit
and
write
access
to
this
repository.
B
Now,
if
you
anybody
who,
like,
let's
just
pick
on
matt,
if
you,
if
he
had
right
access
to
my
repo,
his
action
would
run
but
because
he
does
does
not
have
access
to
this
repo
and
because
not
b
dougie
does
not
have
access
to
repo.
It
will
not
run
so.
The
only
way
to
fix
this
is
by
adding
pull
request
target.
Now.
B
My
recommendation
is,
you
only
add,
pull
request
target
in
places
that
you
absolutely
need
to
have
run
on
fork
prs,
because
there
are
security
reasons
why
you
would
probably
not
want
to
have
this
run
on
something
like
your
production
deployment
environment.
So
I'm
going
to
switch
to
support,
request
target
and
that's
going
to
be
my
only
fix
right
there
and
I'm
going
to
commit
that
to
the
main
branch,
because
you
know
yellow.
B
Why
not
so
now
that
it's
running
on
pull
request
target,
I'm
now
going
to
be
able
to
see
that
the
semantic
pr
sort
of
engagement
on
my
pr
or
actually
activate
so,
unfortunately,
because
I
do
not
have
access
to
the
upstream
and
or
that
that
change
I'm
gonna
need
to
actually
close
this
pr
and
I'm
gonna
have
to
make
the
change
again.
So
this
is,
if
you
did
not
have
this
there's
a
couple
other
things
we
probably
could
have
done.
B
Actually
you
know
actually,
let's
reopen
this.
I
don't
know
if
this
actually
work.
If
I
reopen
it,
it's
not
going
to
actually
grab
from
upstream
and
that's
mainly
because
those
changes
are
not
here.
On
my
fork
reminder
this
is
my
not
b
dougie
fork,
but
there's
actually
this
new
feature
that
we
shipped
a
couple
months
ago,
which
is
this
button
right
here
so
looking
at
fetch
from
upstream
I
could.
B
Cool
so
yo,
if
you're
always
still
tracking
with
me,
definitely
just
drop
in
the
chat,
say:
hey
you're,
doing
a
great
job
b.
Dougie
struck
my
ego
all
right.
So
now
we
can
see
again
we're
on
this
fork,
and
now
we
have
the
latest
change
that
I
did
up
on
the
upstream
too,
as
well:
ship
dark
mode
faster
to
enterprise
man.
B
If
I
worked
on
enterprise,
I
would
definitely
be
working
on
that
all
day
and
every
night,
but
maybe
I'll
I'll
knock
on
someone's
door
I'll
go
to
throw
it
over
the
cubicle
wall
that
we
don't
have
all
right.
So
we
have
the
pull
request
target.
This
is
something
I'm
going
a
little
off
script.
It
probably
doesn't
seem
like
I'm
on
script
right
now,
but
we're
gonna
definitely
check
to
see
all
right.
So
I
don't
think
the
actions
are
gonna
get
be
able
to
rerun.
I'm
actually
really
curious.
B
I'm
curious
if
I
make
a
change,
because
this
might
come
up
as
a
question.
If
I
make
a
change
to
my
fourth
version,
which
I
think
did
I
create
a
new
branch,
I
created
the
not
b
dougie
branch.
Here
we
go.
B
Is
this
the
one
that
I
just
created?
Yeah,
not
bw
was
here
it's
a
good
thing.
I
wrote
that
otherwise,
I
would
never
know
if
this
was
the
commit.
I
just
made
okay,
so
we'll
just
make
a
another
benign
change.
If
you
didn't
see
that
it's
basically
this
this
exclamation
point
living
a
van
what's
up
another
one
of
my
great
committers
on
open
source
is
here
all
right,
so
I'm
gonna
commit
that
back
to
my
branch,
because
I
need
to
trigger
a
new
update
now.
B
Let
me
slow
down
real,
quick
and
explain
why
I
had
to
create
another
either
change
or
redo
the
pr
when
you
run
a
github
action.
It's
gonna
run
on
that
environment,
so
these
are
actually
vms
that
are
actually
running
specifically
for
your
github
actions.
So
if
I
go
back
into
my
actions,
you
could
see
now
we
probably
should
have
triggered
a
new
action
and
it
hasn't
done
it,
and-
and
it's
because
like
we're,
I
think
we're
stuck
in
this.
B
This
action
running
environment-
that's
not
gonna,
give
us
anything
new,
so
we're
gonna
have
to
start
fresh,
which
is
quite
annoying,
but
we'll
do
it
because
we,
this
is
sort
of
how
the
world
works
when
it
comes
to
vms,
so
we'll
have
to
start
fresh,
and
I
break
this
up
because,
like
this
is,
if
you
reap
in
a
pool
and
a
fork
at
least
two
events,
will
fire
reopen
and
sync
on
the
upstream
yeah?
That
should
be
the
case.
B
I'm
over
I'm
over
here
going
off
script.
So
if
you
close
and
reopen
it
should
click,
it
should
hit
the
synchronize
event
and
then
we
should
see
an
updated
movement
on
the
action.
B
Now,
let
me
see,
did
I
have
the
synchronized
event
on
here?
I
do
have
synchronized
well,
you
know
what
I
think
we
might
be
stuck
in
like
a
a
bit
of
a
limbo
as
well.
So
let's
do
this.
B
Let's
start
from
the
main
branch
again
and
we'll
just
create
another
benign
change
as
well,
so
we
have
no,
not
bw.
Was
here
we'll
make
that
change
create
another
pr
you
don't
have
reopened
in
the
list.
Oh
yeah
you're,
you
are
correct.
Maybe
we
maybe
let's
try
this,
because
I
preached
appreciate
vortex,
also
shout
out
to
vortex
everybody
that
showed
us
showing
up
here
reopened
and
let
us
commit
that
to
the
main
branch,
and
this
is
on
mouthpiece.
So
this
is
the
upstream.
B
This
is
b
dougie
doing
this
and
I'm
gonna
do
another
sort
of
fetch
and
pool
fork
dance
by
just
doing
this.
One
little
button
right
here
so
fetch
a
merge
there
we
go
and
with
that
we
should
have
the
fetch
emerge.
We
should
have
the
latest
and
greatest,
which
is
no
not
b
dougie
here,
but
we
do
have
the
latest,
which
is
the
reopen
event.
Just
double
checking
yep
reopened
all
right.
So
if
we
now
have
that
pull
request
going,
can
we
reopen
that.
B
Close
and
if
this
doesn't
work
we'll
just
start
from
scratch,
we
don't
have
to
label
labor
this
just
trying
to
explain
the
sort
of
nuances
but
yeah.
One
thing
I
did
want
to
point
out
is
the
fact
that
we
do
have
a
runner
environment
based
on
pr.
We
haven't
actually
had
a
an
action
get
triggered
based
on
this.
B
We
still
haven't
so
we're
just
gonna
give
up
on
this
and
to
start
a
whole
new
change,
and
this
is
unfortunate
about
when
doing
these
forks
and
doing
prs,
but
there's
always
the
option
of
adding
people
to
you,
your
team
and
adding
them
as
committers
to
so
that
way,
we
don't
have
we
don't
get
stuck
in
this
weird
limbo
situation,
but
like
with
all
demos,
I'm
pretending
like
it's
all
working
fine
and
I'm
not
screaming
on
the
inside,
but
let's
just
do,
does
not
be
dougie.
B
30
minutes
wow
you
coming
with
the
the
with
the
knowledge,
normal
environment,
runner
events
can
log
up.
We
can
lag
up
to
one
minute,
excellent,
good,
to
know
all
right,
so
we
now
have
a
pr
it's
going
and
we're
going
to
see
an
action
run,
and
this
is
actually
something
okay.
So
this
is
something
that
I
realize
also
is
part
of
the
problem
that
I
was
going
to
bring
up,
but
I
got
distracted
a
little
bit,
I'm
actually
not
pointing
this
to
the
upstream.
B
This
is
actually
getting
pointed
to
my
main
branch
on
the
main
repo.
So
let
me
let
me
do
this
correctly.
We're
gonna
create
a
new
pr,
but
we're
going
to
point
this
to
b
dougie
instead
of
not
b
dougie
so
and
I'll.
Show
you
exactly
what
I
did
wrong.
Oh
no!
That
was
the
main
branch,
so
we
have
the
main
branch
here.
We
have
not
be
dougie
main
branch,
but
we
need
to
point
it
to
b
dougie
patch
2..
Okay.
So
now
we
have
our
our
change
right
there.
B
We
perhaps
will
now
finally
see
an
action
run,
so
I've
been
sort
of
skipping
this
quite
a
bit,
but
you
this
is
important
to
write
stuff
here.
Otherwise,
containers
will
question
everything.
B
All
right-
and
I
might
have
felt
otherwise
wrong-
all
right
so
just
want
to
say
fetch
upstream
feature
in
the
repos
nice
touch
that
was
added
recently.
Yes,
it
was
ad,
it
was
added
recently
and
we
could
also
see
our
actions
is
running
recently.
So
a
couple
things
I
was
doing
wrong,
which
is
one
of
the
main
things
is,
I
wasn't
actually
creating
a
pr
to
be
dougie.
I
was
creating
a
pr
to
my
own
fourth
repo,
so
that
would
never
trigger
an
action,
but
there
we
go
so
we
have
an
action.
B
It's
running.
We
also
have
an
action
and
it
is
failing-
and
this
is
failing
intentionally
because
we
haven't
actually
fixed
it.
But
what
I
wanted
to
say
is
that
this
action
that
gets
run,
we
can
see
the
pr
here.
We
can
see
the
action
that's
running
and
we're
good
to
go
now.
What
was
the
other
thing?
B
I
was
going
to
say
we
can
fix
this
pretty
quickly
by
just
saying
fix,
because
it's
gonna
want
some
sort
of
title
and
we
can
actually
look
at
that
action
too,
as
well,
because
I
sort
of
avoided
that
for
a
little
bit.
Let
me
go
back
into
the
action.
Well,
actually,
let's
wait
for
the
system
to
run
and
I'll
take
a
look
at
the
chat
if
needed
cool.
B
So
now
we
have
the
action
running.
We
have
actions
running
from
forks
and
the
biggest
change
that
we
made
was
the
fact
that
we
have
pull
request
target
and
we
just
just
missed
it.
You
can
see
that
this
is
pull
request,
target
and
not
actually
just
a
pull
request,
and
that
gives
us
access
to
one.
It
gives
us
access
to
anytime.
You
use
a
github
token,
it's
gonna
block
any
sort
of
external
actors
or
contributors
that
are
not.
B
That
does
not
have
access
to
the
does
not
act,
commit
access
to
the
repo,
it
will
block
access
to
be
able
to
run
those
actions,
and
this
is
because,
like
you,
don't
want
actions
to
be
able
to
run
just
arbitrarily
from
anybody
coming
anywhere.
You
want
to
make
sure
you,
you
do
know
folks
and
you're
only
presenting
actions
that
can
be
accessed
by
with
a
secret
token
for
people
who
you
trust.
B
So
I
would
say
only
add
this
if
you're
confident
in
the
things
that
you're
doing
for,
for
example,
the
thing
I'm
doing
is
checking
the
pr.
I
have
no
right
access
to
any
of
this.
I
don't
have
to
commit
access
to
the
upstream
of
the
repo
or
changing
actions.
So
I
think
this
is
safe
enough
to
go
ahead
and
justify
this.
I
bring
this
up
to
two
as
well,
because
the
github
security
lab
you
will
see
a
pull
request
target.
B
There's
gonna
be
a
lot
of
security,
they
call
it
the
the
threat
vectors
of
from
the
github
security
web
they've
got
a
couple
different
articles
around
preventing
phone
requests
or
having
people
giving
access
to
too
much
information
on
within
your
repositories.
B
So
I
do
highly
recommend
if
you
are
interested
in
using
this
feature,
just
give
this
a
little
quick,
a
quick
run
through.
So
they
have
you
a
good
understanding
of
how
to
use
pull
request
targets.
So
one
of
the
big
things
you
probably
should
do
in
pull
request
target
is
not
add,
checkout
because
once
you've
add
checkout,
could
you
explain
why
pull
quest
target
is
necessary?
So
if
you
add
checkout
specifically
now
they
have
access
to
your
upstream,
your
main,
your
entire
main
branch.
B
They
can
do
manipulations
and
do
commits
directly
to
your
project.
So
why
is
it
necessary?
Let's
go
back
into
what
we
originally
were
doing.
We
were
making
benign
changes
from
a
fork
so
reminder
this
is
not
b-duggy.
So
this
is
not
me.
B
This
is
completely
somebody
else
in
a
different
browser
and
then
we've
got
the
upstream,
which
is
b
dougie
and
what
we
want
to
do
is
we
want
to
actually
be
able
to
check
to
see
if
the
title
has
a
semantic
tag
in
there
and
if
the
title
has
a
semantic
tag,
then
we're
going
to
let
this
run
now
they
have
access
to
this
pull
request
data
we
had
to
actually
pass
in
a
github
secret
token
and
for
with
actions
which
I
didn't
go
into,
because
I
made
some
assumptions
with
some
thumbs
up.
B
Github
tokens
provide,
read
only
access
to
a
majority
of
information
and
then
write
access
to
specific
things.
So
that's
what
we
needed
to
use
pull
request
target,
because
we
now
have
an
external
contributor
trying
to
contribute
a
project
run
the
action
of
the
forked
on
any
repositories.
So
the
other
thing
I
sort
of
alluded
to
as
well
going
to
the
settings
which
I
think
we
had
opened
up
here.
B
Nope,
all
right,
let's
go
back
into
the
action
settings
so
in
the
actions
tab,
there's
a
couple
things
you
can
do
if
you
are
not
comfortable
with
having
actions
running
your
project,
obviously
you
can
select
disable
actions
or
allow
only
local
actions
which
I
do
have
a
little
bit
of
time.
I
can
actually
briefly
cover
look
what
olivical
actions
are
and
then
the
other
thing
you
could
require
approval
for
first-time
contributors.
B
So
I
completely
forgot
that
my
knobby
dougie
has
contributed
that
project,
but
if
I
was
indeed
a
first
kind,
if
not
I
keep
saying
aye.
If
not,
bw
was
a
first
time
contributor,
there
would
have
been
a
pop-up.
That
said,
do
you
want
to
run
these
actions
from
this
external
person?
You've
never
heard
of
before
so
require
approval,
first-time
contributors
who
are
new
to
github
this
one's
great.
B
If
you
do
get
a
lot
of
spam
or
bots
that
are
interacting
with
your
public
repositories,
but
I'll
keep
it
as
this
and
then
for
anybody
who's
an
outside
co-operator,
so
anybody
who's
not
b
dougie.
This
would
be.
You
would
have
to
get
this
run.
You'd
have
to
approve
for
everybody.
So
I
don't
want
to
do
this.
I
want
to
keep
it
just
as
this
and
the
other
thing
you
should
keep
in
mind
too
as
well.
B
When
I
talk
about
leveraging
the
github
token
and
having
right
access
to
actions
through
forks
through
pull
request
targets,
specifically
it's
you
could
actually
limit
it
to
only
read
content
permission.
So
if
you
want
to
actually
not
have
access
to
any
sort
of
malicious
activity,
you
can
do
limit
this
to
the
read
content
permissions.
The
other
thing
that
I
would
like
to
also
mention
real
briefly,
which
is
github
token
permissions,
and
I
don't
have
time
to
actually
go
through
and
break
this
down.
B
Actually
am
I
rushing,
I
think
I
only
have
do.
I
only
have
five
minutes
left,
I'm
pretty
sure.
I
only
have
five
minutes
left.
This
has
gone
by
either
gone
by
pretty
quick
or
I
lost
15
minutes
in
my
brain
workflow.
Permissions.
B
Here
we
go
authentication.
The
other
thing
I
did
want
to
point
out
too,
as
well
is
the
example
of
using
workflow
permissions
and
for
using
pull
request
targets.
So,
if
I
wanted
to,
I
could
actually
grab.
I
should
probably
look
at
the
change
log.
It
has
a
better
better
example.
B
B
Permissions
there's
a
change
log
again,
you
could
hopefully
we're
we're
catching
links
as
I'm
mentioning
them,
but
if
I
wanted
to,
I
could
actually
set
permissions
inside
of
my
repository,
my
my
github
action
workflow.
So
if
I
go
back
into
my
action
workflow,
I
could
then
set
permissions
as
so.
B
If
I'm
not
doing
any
writing
to
the
pull
request,
I
could
actually
do
read
access
only
to
the
pull
requests.
I
don't
care
about
packages
and
then
for
this
issues
for
my
example
of
the
take
action.
B
If
I
wanted
to
actually
add
this
here
inside
this
workflow,
I
could
do
right
access,
because
I
am
writing
comments
inside
of
the
issues,
so
this
would
lock
it
down
so
that
you
can't
do
anything
else
with
that
get
up
token,
and
specifically
this
github
token
here
I
don't
have
time
to
actually
work
through
this
example,
but
hopefully
this
is
enough
to
sort
of
wet
your
appetite
instead
of
run
with
some
examples
I
do.
I
do
have
a
couple
minutes
for
questions.
B
While
I
just
mentioned
one
more
thing
that
I
wanted
to
mention,
which
is
repo
now.
My
original
example
was,
I
wanted
to
show
off
this
action,
and
this
is
gonna,
be
a
local
action
that
I've
been
working
on.
So
I've
got
this
action
where
I
am
simply
every
time
I
push
any
changes
to
my
main
branch.
Actually,
at
the
moment,
I'm
doing
pull
requests
what's
gonna
happen.
Is
it's
gonna
actually
bump
the
package.json
up
a
number?
B
B
So
in
my
package.json
this
is
a
very
common
way.
If
you're
doing
node.js
projects,
I've
got
a
version
number
semantic
version,
so
going
back
to
semantic
releases
that
were
had
the
tax.
If
anything's
a
fix,
it's
going
to
bump
the
last
version,
if
anything's
sort
of
a
feature
it'll
be
the
minor
version
and
then
you'll,
you
can
always
manually
bump
up
the
major
version
as
well,
and
what
I
like
about
this
is
I
can,
depending
on
what
different
interactions
inside
my
project,
I
could
actually
bump
my
package.json.
B
Actually,
I'm
thinking
I
might
have
meant
to
mess
this
up.
I
was
messing
around
with
this.
You
can
see
all
these
failures.
I
don't
think
this
is
gonna
work,
but
manually
I'm
gonna
actually
run
run
it
and
I'll
run
a
patch,
I'm
pretty
confident.
This
will
fail
because
I
do
realize
I
did
mess
up
this
workflow
before
I
jumped
on
here.
While
I
was
trying
to
showcase
a
different
thing,
let's
see
yeah,
this
is
gonna.
B
This
will
fail
because
if
it
doesn't
anyway,
there's
a
reasons
why?
But
because
the
github
head
ref
github,
head
ref,
is
a
environment
variable
only
available
to
pull
request,
but
because
I
didn't
run
this
as
a
pull
request,
it's
going
to
fail
because
this
won't
be
set,
and
this
when
I
say
head
ref,
this
will
be
whatever
my
branch
name
is
my
so
b
dougie
patch
one
or
two
yes
check
back
on
that
repo
in
a
day,
it'll
be
working
perfectly
I'll.
Leave
that
I'll
keep
it
pristine.
B
So
anybody
watching
this
video
after
the
fact
can
actually
check
it
out,
but
that
actually
kind
of
concludes
everything
I
wanted
to
talk
about
when
it
comes
to
pull
requests.
So
if
I
can
reiterate
some
of
the
things
and
the
questions
have
come
up
the
reason
to
use
pull
request
target
if
you're,
using
anything
upstream,
if
you're
doing
open
source,
you
have
fork
repos
people
are
contributing
from
their
fork.
Repos
onto
your
repo,
and
you
want
them
to
be
able
to
have
actions.
B
Running
poor
quest
target
will
be
your
your
sort
of
ace
in
the
hole
or
the
sort
of
way
to
enable
them
for
to
have
actions.
If
you
want
to
enable
or
disable
certain
features
and
actions,
you
can
go
to
the
action
setting
tab
as
well,
but
yeah.
The
biggest
thing
is
the
pull
request,
target
and
trick
shot.
Yes,
that
will
be
your
trick.
B
Shot
is
pull
request
target
but
definitely
check
out
the
security
lab
articles
on
security,
vectors
and
stuff,
like
that,
you
can
sort
of
walk
down
to
make
sure
you're
not
exposing
too
much
context
of
your
your
project.
So
thanks
everybody
for
coming
out
and
listening
to
me,
sort
of
spiel
and
non-stop
talking
about
the
mouthpiece.
A
Oh
geez,
I
didn't
even
see
that
I
got
brought
in
like
I
knew
that
I
was
supposed
to
and
then
I
didn't
like
that's
good,
I'm
I'm
good
at
what
I
do
all
right.
So
first
thanks
very
much
for
for
coming
in
and
non-stop
talking
for
30
minutes,
it's
pretty
pretty
solid.
It
was
definitely
an
exercise
in
off
the
top
thinking
but
yeah.
So
thanks
everyone
for
attending
another
30
minutes
to
merge.
A
I
think
either
I'm
gonna
do
it
or
someone
else
is
gonna
drop
a
link
in
chat
because
the
conversation
doesn't
end
here.
We
actually
have
you
come
over
to
our
github
community,
page
I'll,
grab
this
link
and
we'll.
B
A
There
we
go
get
up,
take
care
of
me
as
always.
So
what
we're
going
to
do
here
is
we're
actually
going
to
move
the
conversation
from
our
twitch
chat
over
to
our
github
community
page,
where
for
the
next
couple
of
minutes,
be
dougie
and
myself
and
then
some
other
hovers
we'll
be
providing
answers
to
any
questions
that
you
have.
A
If
you
have
ideas
for
what
you'd
like
us
to
cover
in
30
minutes
to
merge,
make
sure
to
drop
ideas
on
github
community-
and
I
do
my
best
or
actually
andrea
does
her
best
to
find
me
a
host
that
will
answer
all
of
the
questions
that
we
have
from
our
community
and
then
I
just
pretend
to
be
a
good
person
so
but
yeah
thanks
again
for
for
jumping
in
hanging
out
with
us
and
then
yeah
hope
you
have
a
great
night,
see
ya
bye.
Everybody
have
a
great.