twuni
:bug: Fix commit hash in PR diff comment
ref https://github.com/twuni/docker-registry.helm/pull/72#issuecomment-1218373416
Running a helm template smoketest on commit refs/heads/main results in the following diff against main:
diff
diff -ur before/docker-registry/templates/cronjob.yaml after/docker-registry/templates/cronjob.yaml
--- before/docker-registry/templates/cronjob.yaml 2022-08-17 19:08:08.252056897 +0000
+++ after/docker-registry/templates/cronjob.yaml 2022-08-17 19:08:08.292057141 +0000
@@ -19,7 +19,7 @@
release: release-name
annotations:
checksum/config: aeb3c6a5381f81df0dc2147dc45482f5049d0627a4fc78f3085cc0bb4dfa3514
- checksum/secret: 0a08606837b7e7427825c33db67e53c370e0fea1548b769e6a1829c79e47b8dd
+ checksum/secret: 4fd0af17bd7677848187042261c2a520aa33eb706e3b9b87e7f09f5db16ba767
test: annotation
spec:
diff -ur before/docker-registry/templates/deployment.yaml after/docker-registry/templates/deployment.yaml
--- before/docker-registry/templates/deployment.yaml 2022-08-17 19:08:08.252056897 +0000
+++ after/docker-registry/templates/deployment.yaml 2022-08-17 19:08:08.292057141 +0000
@@ -24,7 +24,7 @@
release: release-name
annotations:
checksum/config: aeb3c6a5381f81df0dc2147dc45482f5049d0627a4fc78f3085cc0bb4dfa3514
- checksum/secret: d321ea4ab394a2e39ca863e7143a70f5b5f9044eefcd93c3a58771ebf32cc607
+ checksum/secret: cfd2eaf421d5f15da887b80e9e53d15208732647f1e37df10a4b70c6db6e6cac
test: annotation
spec:
diff -ur before/docker-registry/templates/secret.yaml after/docker-registry/templates/secret.yaml
--- before/docker-registry/templates/secret.yaml 2022-08-17 19:08:08.252056897 +0000
+++ after/docker-registry/templates/secret.yaml 2022-08-17 19:08:08.292057141 +0000
@@ -13,7 +13,7 @@
type: Opaque
data:
htpasswd: YWJj
- haSharedSecret: "YVJXWEJDZThpbHoyUkxTdg=="
+ haSharedSecret: "T2E3OVRRZnZzQ3VpZU9YcA=="
s3AccessKey: "ZGVm"
s3SecretKey: "YWJj"
proxyUsername: ""
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Ah. I think the issue might be that the workflow is running in the context of the target repo+branch (vs the base PR's branch).
:bulb: FYI: I've temporarily disabled this workflow since we have a few PRs going and main and v2.2.1 are currently failing when using the action's test values (fixed in #77). I'll re-enable it once v2.2.2 is released and this PR has landed.
this is no longer my first PR to the repo, and now pull_request event is being triggered on this PR (you might have to approve it the first time, or even on every new commit depending on repo settings). I think pull_request_target is not what we need here for the reasons in previous comments (wrong diff). the problem regarding commenting permissions on the PR under pull_request event remains though...
an alternative that can run on pull_request without any changes to permissions: https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/ found via https://github.com/orgs/community/discussions/26644
otherwise, a personal access token could potentially be another alternative to make the current setup work, but that's not a very safe alternative imo.