The data fixer does not work on forks #780
Comments
|
The plan to use a github secret with a user token was destined to fail. Action triggers from forks do not get the repo secrets. Which makes sense from a security perspective, though I wish there was a way to divulge the secrets in case the workflow file was not modified. |
|
Potential solutions:
|
|
There might be another options, didn't look too deep but I can, Could the workflow have that maintainer users environment variables for those actions? As a note, I have not used github actions. Problem: To provide an action with a secret as an input or environment variable, you can use the secrets context to access secrets you've created in your repository. For more information, see "Context and expression syntax for GitHub Actions" and "Workflow syntax for GitHub Actions." |
|
@ph-ct the way I tested the secrets was through environment variables. They aren't passed to the process if it's running on a remote fork. Did I misunderstand your suggestions? |
|
@ubershmekel usually workflows have a way to run the forks in your action context i think is what it's saying (that problem solution part is mine added just for readability but it reads clean in the link). I have not read in detail after that but I can. I don't know if I have access to the configs for the workflows but it's running this data builder python script? and I'm guessing it's for this workflow but I can't see the config. https://github.com/2020PB/police-brutality/actions?query=workflow%3A%22Validate+Data%22 |
The data validator from #745 works on branches that are in this repo, but not on branches in forks of this repo (non-maintainer PRs).
The solution is to make https://github.com/ubershmekel2020pb a maintainer. That's a user I created that will have no access to anything except this repo, and that user auth token will be embedded in the github actions secrets to be used by the PR CI.
The text was updated successfully, but these errors were encountered: