jest-coverage-report-action
jest-coverage-report-action copied to clipboard
Add possibility to create annotations on PRs from forks without `checks: write` permission
Describe a bug
When using this action on a fork, according to the docs by using the markdown output, this action still fails.
Expected behavior
It should not fail, and hopefully report the coverage
Details
- Action version: 2
- OS, where your action is running (windows, linux): linux
- https://github.com/maplibre/maplibre-gl-js/blob/57ab2c332837a78c038e58c3dfcf075f7dfc6697/.github/workflows/test-unit.yml#L34
- Error:
- https://github.com/maplibre/maplibre-gl-js/runs/8210019949?check_suite_focus=true
Additional context
This is in continue to this issue which was resolved: #256
I'm guessing that there's a missing "if markdown down't publish results" or something similar...
This is not the report part but the annotations which have a similar problem when it comes to permissions when running on a fork :-( Is it possible to try-catch it or skip this stage in case of a PR from a fork? While this is a very good way to visualize coverage it's better to have the coverage report as PR comment only than have nothing :-)
Hello @HarelM :wave:,
Yeah, that's the issue with checks - looks like your GitHub token doesn't have enough permissions to publish checks.
Found this fix: https://github.com/alibaba/lowcode-engine/blob/7a0bab11aca6fa5856af894736222c6d14897467/.github/workflows/cov%20packages.yml#L13 So, for your case, fix could look like this:
annotations: ${{ github.event.pull_request.head.repo.full_name == github.event.repository.name && 'coverage' || 'none' }}
Looks weird because GitHub Actions doesn't support ternary operators.
I think that should work. Of course, another solution could be to create personal access token with "checks: write" permission and pass it as a github-token
parameter, but that's not safe. Don't know how these privileges could be used in a malicious way, but I think GitHub has a good reason for limiting token privileges.
Thanks!!! super useful. I'll try it out. If you find a way to publish annotations the same way that it is working for the commit message it would be great. If not, feel free to close this issue. Thanks a lot for all the hard work and the great support you give!
Yeah, that's a good idea. I've found an action for publishing annotations from json file: annotations-action.
I will check if it works without "write" permissions. Can't promise that support for annotations output will be implemented soon, but I will post updates on this issue.
Seems like the above code created an issue, not entirely sure why... Can be seen here (probably not for long) https://github.com/maplibre/maplibre-gl-js/runs/8220657182?check_suite_focus=true
I'm currently reverting to annotations none
, I hope it will allow me to see the coverage report at least...
Let me know if there's anything else I can check...
@HarelM 😢
I just found that there are two different events - pull_request
and pull_request_target
. pull_request
runs on the head branch, and is considered "unsafe" - runs with read-only permissions. pull_request_target
runs on the base branch, with write permissions. I will try to update the logic, to support the pull_request_target
event.
Bummer... Let me know if you figured out a solution. I'll be happy to test it! :-)
Any update? I have the same issue: https://github.com/TokenScript/token-negotiator/actions/runs/3086784740/jobs/5008480454