pr-preview-action
pr-preview-action copied to clipboard
Fail gracefully when run from fork
Running this action from a fork is not currently supported. Right now, behaviour when running from a fork is undefined; I don't remember exactly what happens, I think it just errors and tells you the action failed. It would be good to have some sort of non-fail (warning?) alert happen instead.
I was looking into this! This is why:
- The
GITHUB_TOKEN
has read-only access, so you can't push commits, add comments, or perform most other write actions. - Secrets aren't available in runs on PRs from forks, which is a measure to prevent a malicious PR from exposing repository secrets.
- Some context values, like
github.repository
, are set to the context of the fork, not the base repository.
So IIUC github action from forked cant work. or is there a workaround. I get
Pushing changes… (attempt 1 of 3)
/usr/bin/git push --porcelain ***github.com/openSUSE/backlogger.git github-pages-deploy-action/4ebykzcsk:gh-pages
remote: Permission to openSUSE/backlogger.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/openSUSE/backlogger.git/': The requested URL returned error: 403
Changes committed to the gh-pages branch… 📦
Running post deployment cleanup jobs… 🗑️
/usr/bin/git checkout -B github-pages-deploy-action/4ebykzcsk
Reset branch 'github-pages-deploy-action/4ebykzcsk'
/usr/bin/chmod -R +rw github-pages-deploy-action-temp-deployment-folder
/usr/bin/git worktree remove github-pages-deploy-action-temp-deployment-folder --force
Completed deployment successfully! ✅
...
Error: Resource not accessible by integration
the workflow file looks like this:
---
name: Backlog Limits Checker
concurrency: preview-${{ github.ref }}
# yamllint disable-line rule:truthy
on:
pull_request:
types:
- opened
- reopened
- synchronize
- closed
permissions:
contents: write
pull-requests: write
jobs:
backlogger:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run the action implemented in this repo
uses: ./
with:
config: queries.yaml
redmine_api_key: ${{ secrets.REDMINE_API_KEY }}
- uses: rossjrw/pr-preview-action@v1
with:
source-dir: gh-pages
@b10n1k Yes, at this time this action does not officially support being run from forks - this is openly stated on the README. See #3 for more info. Workarounds do exist but there are security implications that you need to be aware of - there are very good reasons that this behaviour is blocked by default. See #6 for more info on that.