Skip to content

Commit

Permalink
Merge pull request #6 from 1Password/readme-fork-comment-instructions
Browse files Browse the repository at this point in the history
Update README with instructions to support commenting on forks
  • Loading branch information
SimonBarendse authored Sep 22, 2023
2 parents 8b94ee1 + c073b9f commit 0878d0e
Showing 1 changed file with 20 additions and 6 deletions.
26 changes: 20 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,20 +6,34 @@ A GitHub Action that checks the commits of the current PR and fails if it contai

```yml
name: Check signed commits in PR
on: pull_request
on: pull_request_target

jobs:
build:
name: Check signed commits in PR
check-signed-commits:
name: Check signed commits in PR
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Check out code
uses: actions/checkout@v3

- name: Check signed commits in PR
uses: 1Password/check-signed-commits-action@v1
```
## `pull_request_target` vs. `pull_request`

Workflows containing this action can be configured to run both on [`pull_request`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request) events as on [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) events.

The reason to prefer `pull_request_target` over `pull_request` is to allow the action to post comments on external PRs created from forks. The GitHub token that comes with the regular `pull_request` event does not support commenting on PRs in the upstream repo.

When using `pull_request_target`, make sure to set the right permissions in the workflow:

```yml
permissions:
contents: read
pull-requests: write
```

## Change PR Comment

The comment that will be placed in the PR upon detecting unsigned commits can be changed using the `comment` field:
Expand Down

0 comments on commit 0878d0e

Please sign in to comment.