rag-experiment-accelerator icon indicating copy to clipboard operation
rag-experiment-accelerator copied to clipboard

Published 20 hours ago verified publisher icon microsoft

PRs from Forks won't have Access to Secrets

Open martinpeck opened this issue 1 year ago • 1 comments

The GitHub action rag_exp_acc_ci runs on PRs. However, because PRs from forks aren't given secrets, this action will fail for all such PRs.

This project needs to address this if PRs from forks are expected (i.e. any external contribution)

Ways to work around this include the approach taken by Azure TRE where by a PR bot is used to kick of builds of PRs only after inspection of the PR to ensure that secrets won't be exposed:

https://github.com/microsoft/AzureTRE/blob/main/.github/workflows/pr_comment_bot.yml

martinpeck avatar Apr 02 '24 11:04 martinpeck

Alternatively, don't run builds that require secrets against PRs. Only run them against branches, once merged

martinpeck avatar Apr 02 '24 11:04 martinpeck