
Support Workflow Runs

Open techman83 opened this issue 1 year ago • 6 comments

Due to security issues running untrusted checkouts from forks, access to things like secrets and tokens is blocked. It is possible to allow this, but it is not wise, and the recommended process is to use a workflow run call. This will add support for workflow_run based pull requests, allowing PRs to be commented upon, regardless of whether they are a fork or from a local branch.

techman83, Mar 14 '24 05:03

I feel like the test for this may suffer from the same problem as this one solves 🙂

    HttpError: Resource not accessible by integration
        at /home/runner/work/coverage/coverage/webpack:/typescript-action/node_modules/@octokit/request/dist-node/index.js:86:1
        at processTicksAndRejections (node:internal/process/task_queues:96:5)

techman83, Mar 29 '24 11:03

I've split the workflows in the same manner as my PR recommends in terms of usage. It is notable that for this PR, coverage won't run, as the workflow needs to be in the default branch before it will become an action that can be triggered.

techman83, Mar 30 '24 03:03

@orgoro anything extra required for merge? I've been using my fork in my own workflows for a while now 🙂

techman83, May 22 '24 00:05

@techman83 - thanks for putting this together. I tried it out but ran into an error: https://github.com/posit-dev/posit-sdk-py/actions/runs/9353058789

It looks like the 'base' variable is undefined, which I believe stems from here: https://github.com/orgoro/coverage/pull/281/files#diff-a2a171449d862fe29692ce031981047d7ab755ae7f84c707aef80701b3ea0c80R19

I tried to determine the shape of context.payload.workflow_run.pull_requests[0] but couldn't figure it out.

Any thoughts or advice is appreciated. Thanks!

tdstein, Jun 03 '24 16:06

@tdstein I'm not really sure, it has been working pretty reliably for most of my testing

The payload is what is in the github context, so being a workflow run, in here should be where it's at. https://github.com/orgoro/coverage/pull/281/files#diff-a2a171449d862fe29692ce031981047d7ab755ae7f84c707aef80701b3ea0c80R23

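Would need a sample of the github to get a better idea, which you can dump using echo:

    - run: echo "$GITHUB_CONTEXT"  # passed via env so the JSON is not spliced into the script text
      env: {GITHUB_CONTEXT: "${{ toJson(github) }}"}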

It would be nice if actions/core had a workflow type that could be consumed, but that extended well beyond my available time for such things 🙂

techman83, Jun 04 '24 03:06
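The shape of context.payload.workflow_run.pull_requests[0] asked about above, as an added example that is not part of the thread or of the PR's code: each element carries number, head and base (each with ref and sha), and the array is empty when the run comes from a fork, which is one case where [0] is undefined. The function name, the fetched fallback list and the sample values are assumptions.

```typescript
// Added example. Field names follow GitHub's workflow_run webhook payload;
// resolvePullRequest, ResolvedPull and the sample data are hypothetical.
interface RunPullRequest {
  number: number
  head: {ref: string; sha: string}
  base: {ref: string; sha: string}
}

interface WorkflowRun {
  event: string
  head_sha: string
  pull_requests?: RunPullRequest[]
}

interface ResolvedPull {
  number: number
  base: string
  head: string
}

// `fetched` is an assumption: PRs the caller already looked up through the API
// for this commit, consulted only when the payload itself names no PR.
function resolvePullRequest(
  run: WorkflowRun | undefined,
  fetched: RunPullRequest[] = []
): ResolvedPull | null {
  // Not a workflow_run event, or the upstream run was not started by a PR.
  if (!run || run.event !== 'pull_request') return null
  const headSha = run.head_sha
  const embedded = run.pull_requests ?? []
  // An empty array makes pull_requests[0] undefined, so reading .base throws.
  // Fall back to the fetched PRs, accepting only an exact head-SHA match.
  const candidates =
    embedded.length > 0 ? embedded : fetched.filter(pr => pr.head.sha === headSha)
  const [pr] = candidates
  // Zero or several candidates: return null instead of guessing a PR.
  if (!pr || candidates.length !== 1) return null
  return {number: pr.number, base: pr.base.sha, head: pr.head.sha}
}

// Constructed sample data (not captured from a real run).
const samplePr: RunPullRequest = {number: 7, head: {ref: 'feature', sha: 'aaa111'}, base: {ref: 'main', sha: 'bbb222'}}
const branchRun: WorkflowRun = {event: 'pull_request', head_sha: 'aaa111', pull_requests: [samplePr]}
const forkRun: WorkflowRun = {event: 'pull_request', head_sha: 'aaa111', pull_requests: []}

console.log(resolvePullRequest(branchRun), resolvePullRequest(forkRun), resolvePullRequest(forkRun, [samplePr]))
```

Returning null lets the commenting job skip cleanly, and the PR number comes from the event payload or the API rather than from anything the untrusted run uploaded.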

Rebased off current main 🙂

techman83, Jul 21 '24 04:07