Secrets are not available in contributed PRs, so tests fail #218
Labels
bug
Something isn't working
nice to have
This is a "nice to have" feature - not a critical requirement
Comments
asgrim
added
bug
|
https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/ Answer is to use |
asgrim
added a commit
to asgrim/scout-apm-php
that referenced
this issue
Nov 24, 2021
Fixes scoutapp#218 https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/ It appears that in forked repos, the `pull_request` event does not allow access to secrets, for security, and therefore any CI builds from forks will fail. The blog post above suggests that using `pull_request_target` runs the same build but in a safer context, meaning secrets can be accessed. This should fix the issue of contributed PRs failing.
asgrim
added a commit
that referenced
this issue
Apr 28, 2022
Fixes #218 https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/ It appears that in forked repos, the `pull_request` event does not allow access to secrets, for security, and therefore any CI builds from forks will fail. The blog post above suggests that using `pull_request_target` runs the same build but in a safer context, meaning secrets can be accessed. This should fix the issue of contributed PRs failing.
This was referenced Apr 28, 2022
asgrim
added a commit
to asgrim/scout-apm-php
that referenced
this issue
Apr 28, 2022
Fixes scoutapp#218 https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/ It appears that in forked repos, the `pull_request` event does not allow access to secrets, for security, and therefore any CI builds from forks will fail. The blog post above suggests that using `pull_request_target` runs the same build but in a safer context, meaning secrets can be accessed. This should fix the issue of contributed PRs failing.
I couldn't get this working. Instead, I modified the pipeline in #267 to skip tests that require |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some of the CI checks require the
secrets.SCOUT_APM_KEYsecret to be defined. However, contributions from forks etc (e.g. #216) do not have access to these CI secrets, and as such, builds will always fail. Need to figure out the best way we'd like to handle this. As a workaround for now, the branch can be tested locally, or pushed to a new PR by a maintainer.The text was updated successfully, but these errors were encountered: