-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow Build for Pull Requests / Code Sign Artifacts using an option #1524
Comments
env |
Do you want also publish? |
Make sure the documentation for this option clearly states the security implications of turning it on (at least when using Travis CI). |
…ecurity implications of turning it on #1524
@develar Thanks for that. |
@develar - If one also wants publish, is there a way to do that as well? In my org's workflow, we want to have built artifacts against a draft GitHub release based on a pull request made from a branch inside the repository (as opposed to a fork of the repository) for internal code review purposes (the master branch is protected and can't be merged to unless an approved PR is made). Security-wise, I feel fine enabling this since we have building PR's from or exposing protected environment variables to forks turned off in the CI configuration. Is there a way to enable publish from a PR? |
@krystophv option will be added in 2 days, thanks for feature request. |
@krystophv I end up using a custom script to upload the artifacts generated because the electron-builder uploader is not that flexible. I used this package: https://github.com/remixz/publish-release |
PUBLISH_FOR_PULL_REQUEST is added. |
After this issue: #1354 we are not allowing to code sign artifacts during a pull-request build. While I understand the security issue, I still think that would be useful to have an option like
build_for_pull_requests
(boolean).In our current workflow, we build/codesign apps to make real tests during the development of big features. We can easily perform QA tests with that option.
Right now, I have a workaround to make this work, but it's hacky:
Setting all these 3 vars
TRAVIS_PULL_REQUEST
CI_PULL_REQUEST
CI_PULL_REQUESTS
tofalse
on the CI would make the build run for pull requests.The text was updated successfully, but these errors were encountered: