🔥 3-day streak
Microsoft DevOps Engineer Expert112 / 138
Question 112 of 138

Your team maintains a public repository on GitHub that accepts contributions from external forks via pull requests. The CI workflow needs to run integration tests that reference a deployment secret stored in the repository's Actions secrets. A security reviewer warns that a malicious contributor could open a pull request that exfiltrates the secret. You must ensure that secrets are never exposed to workflows triggered by pull requests from forks, while still allowing trusted maintainers to run the full pipeline. What should you do?

Reviewed for accuracy · Report an issueNext question