Azure Pipelines for GitHub allows build of plugin

Hey, so, yesterday, after getting a PR to my repo, I was a little bit concerned to see that it triggered an Azure build that reported all steps were successful - including upload. While an incredibly unlikely attack vector, it’d remain one if people were able to push arbitrary code in binaries I distribute for beta testing.

So I ran a test: made a burner GitHub account, sent a PR, saw that Azure ran every step… but didn't actually upload any new file to my releases. So that means the configuration we're all kinda copying from each other has no issue on this front.

For reference, here’s mine:

I thought it was worth mentioning, since I don’t understand Pipelines well, and have no clue where the magic lies that protects me from this issue.

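For readers wondering how a publish step can be kept out of pull-request builds explicitly rather than relying on whatever the copied configuration happens to do, here is an added illustration of an azure-pipelines.yml with the upload gated on the build reason and source branch. It is not the author's configuration (which is not shown above); the branch name, the build command, the service connection name and the release tag are assumptions.

```yaml
# Added example, not the author's pipeline. Shows a weak (unconditional)
# publish step next to a gated one for a plugin built from GitHub.
trigger:
  branches:
    include:
      - main        # assumed trusted branch

pr:
  branches:
    include:
      - main        # PRs still get a validation build, but must not publish

pool:
  vmImage: ubuntu-latest

steps:
  - script: make plugin      # assumed build command
    displayName: Build plugin

  # Weak form: this step has no condition, so it runs on every trigger,
  # including PR validation builds from forks. It only fails to publish
  # because Azure withholds secrets (the GitHub connection) from fork PR
  # builds by default; nothing in the YAML itself says "not for PRs".
  #
  # - task: GitHubRelease@1
  #   inputs:
  #     gitHubConnection: github-release   # assumed service connection name
  #     repositoryName: '$(Build.Repository.Name)'
  #     action: edit
  #     tag: beta                          # assumed beta release tag
  #     assets: build/*.zip

  # Gated form: the same step, but it is skipped unless the build was
  # caused by something other than a pull request AND ran on the trusted
  # branch. A PR from any account, fork or not, never reaches the upload.
  - task: GitHubRelease@1
    displayName: Upload beta build
    condition: >-
      and(succeeded(),
          ne(variables['Build.Reason'], 'PullRequest'),
          eq(variables['Build.SourceBranch'], 'refs/heads/main'))
    inputs:
      gitHubConnection: github-release   # assumed service connection name
      repositoryName: '$(Build.Repository.Name)'
      action: edit
      tag: beta                          # assumed beta release tag
      assets: build/*.zip
```

With the gated form, a PR validation build still reports the build steps as successful, but the upload step shows as skipped rather than succeeded, which makes the protection visible in the run log instead of implicit.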