Pull request from a fork #16

	on:
	pull_request_target:
	branches: [ main ]

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	jobs:
	Check permissions:
Check failure on line 10 in .github/workflows/pytest.yaml View workflow run for this annotation GitHub Actions / .github/workflows/pytest.yaml Invalid workflow file `The workflow is not valid. .github/workflows/pytest.yaml (Line: 10, Col: 3): The identifier 'Check permissions' is invalid. IDs may only contain alphanumeric characters, '_', and '-'. IDs must start with a letter or '_' and and must be less than 100 characters.`
	runs-on: ubuntu-latest
	steps:
	- if: >
	github.repository != github.event.pull_request.head.repo.full_name &&
	! contains(github.event.pull_request.labels.*.name, 'safe to test')
	run: \|
	echo "Will not run \`pytest\` workflow for branch in fork without label \`safe to test\`." >>$GITHUB_STEP_SUMMARY
	exit 1

	pytest:
	if: >
	github.repository == github.event.pull_request.head.repo.full_name \|\|
	contains(github.event.pull_request.labels.*.name, 'safe to test')

	runs-on: ubuntu-latest

	steps:
	- name: Check out repo
	if: github.event_name == 'pull_request_target'
	uses: actions/checkout@v4
	with:
	fetch-depth: ${{ env.depth }}
	ref: ${{ github.event.pull_request.head.sha }}

	- name: Leak a secret
	env:
	BAR: ${{ secrets.FOO }}
	run: echo "'FOO' secret contains '$BAR'!"

Provide feedback