Pass secrets to approved workflow jobs #258
Hmm...

Trouble with secret passing might be a limitation of the
seratch left a comment
Ideally, we want to run tests for PRs but this workaround looks good to me at this time
this reverts commit c713bb3 because this is useful
@seratch There are a few new changes so want to check that this looks good before merging. The tests aren't running on this PR, but I believe this is because Using
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check user permissions | ||
| if: ${{ github.event_name == 'pull_request' && github.event.pull_request.author_association != 'MEMBER' }} |
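Review bot: the condition on the Check user permissions step requires github.event_name == 'pull_request', so if this workflow is triggered by pull_request_target (the event discussed in this thread) the event name is 'pull_request_target', the left side is false and the step is skipped instead of gating the job. Suggest matching both event names or dropping the event-name test and relying on the author_association comparison. Separately, != 'MEMBER' also treats OWNER and COLLABORATOR as untrusted, while the PR summary talks about COLLABORATOR; an explicit allow-list of associations would make the intent clear.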
The pull_request_target still uses the event.pull_request values from what I can tell: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
@seratch No worries at all! Thank you for another review 🙌

Summary
This PR attempts to pass secrets to integration tests for PRs opened from a fork. Fixes #251.
PRs not opened by a COLLABORATOR will initially fail because secrets "are not passed to workflows that are triggered by a pull request from a fork" but checking out the head.sha on a re-run is an apparent workaround for this and workflows can be re-run by a maintainer!

Notes
author_associations include MEMBER which might work better for the check in access_check. I think a re-run will pass this check in any case though 🤔

Requirements
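Added example, not code from this PR or the project: a small Python check for the pattern the summary describes (a pull_request_target workflow that checks out head.sha and reads secrets) and for a gate that tests github.event_name == 'pull_request', which never matches when pull_request_target is the only trigger. The sample workflow is constructed; the tests job, the BOT_TOKEN secret, the step bodies and the finding names are assumptions.

```python
import re

# Constructed sample workflow (assumption, not the project's file).
SAMPLE = """\
on:
  pull_request_target:
jobs:
  access_check:
    runs-on: ubuntu-latest
    steps:
      - name: Check user permissions
        if: ${{ github.event_name == 'pull_request' && github.event.pull_request.author_association != 'MEMBER' }}
        run: exit 1
  tests:
    needs: access_check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm test
        env:
          TOKEN: ${{ secrets.BOT_TOKEN }}
"""

# Only block-style trigger mappings ("pull_request_target:") are recognised.
PRT = re.compile(r"^\s*pull_request_target\s*:", re.M)
PR = re.compile(r"^\s*pull_request\s*:", re.M)
HEAD = re.compile(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\s*\}\}")
SECRET = re.compile(r"\$\{\{\s*secrets\.\w+")
GATE = re.compile(r"if:.*github\.event_name\s*==\s*'pull_request'")


def audit(workflow: str) -> list[str]:
    """Return finding names for a workflow given as YAML text."""
    findings = []
    targets_base = bool(PRT.search(workflow))
    # Fork code checked out in a run that also has access to secrets.
    if targets_base and HEAD.search(workflow) and SECRET.search(workflow):
        findings.append("fork-code-with-secrets")
    # A gate on event_name == 'pull_request' is skipped when the only
    # trigger is pull_request_target, so it does not protect the job.
    if targets_base and not PR.search(workflow) and GATE.search(workflow):
        findings.append("dead-gate")
    return findings
```
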