pr-preview-action
pr-preview-action copied to clipboard
Resolve permissions error when preview is initiated from fork
https://github.com/scpwiki/interwiki/runs/5834681840?check_suite_focus=true
This workflow run failed because it did not have permission to push to the upstream repository.
I believe this happened because the workflow was executed from the fork. The pull_request
event is executed in the context of the merge commit, whereas the pull_request_target
event is executed in the base repository. For internal PRs, these are identical; for forks, they are not. In particular this means that the action will not have permission to push to the repository when using the pull_request
event type, as its GITHUB_TOKEN lacks that permission.
Switching to the pull_request_target
event might resolve this, but there are security considerations to take into account: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Changes shouldn't be needed to this action, but I will need to amend documentation to cover this use case. The README is getting pretty bloated - I should take this chance to move some of the code samples into the repository proper.