Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

E2E Docker image build fails on forks #1718

Closed
3 tasks done
chatton opened this issue Jul 18, 2022 · 0 comments · Fixed by #1719
Closed
3 tasks done

E2E Docker image build fails on forks #1718

chatton opened this issue Jul 18, 2022 · 0 comments · Fixed by #1719
Assignees

Comments

@chatton
Copy link
Contributor

chatton commented Jul 18, 2022

Summary of Bug

The E2E Tests do not correctly when running against a fork. These tests should run correctly on all PRs

The Docker image build fails as we depend on a secret being passed to the workflow (secrets.GITHUB_TOKEN) .

When a github workflow is triggered from a fork, the default behaviour is that no secrets are passed.

One possible solution to make this work, is to update the test.yml workflow to run on pull_request_target. This passes the secrets however if we do this we need to put additional safeguards in place to prevent abuse of the secrets.

We can add an additional clause that the e2e tests should only run when a specific label is present .e.g. safe-to-test. This ensures that someone with write access to the repo has reviewed the code and added the label on the fork PR.

Note: Ideally we make the bare minimum number of workflows use pull_request_target. This might mean splitting u existing workflows.

A better solution is to simply use a local docker image for forks. This means that no secrets need to be exposed, and no manual checking of the code before allowing the tests to run. The docker images are sandboxed to the github runner.

This has the downside of taking slightly longer for image build ( ~2mins ) however it is safer and easier to maintain.


For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged/assigned
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant