Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs(README): note pull_request_target for fork-based flow #24

Merged
merged 3 commits into from
Aug 23, 2020
Merged

docs(README): note pull_request_target for fork-based flow #24

merged 3 commits into from
Aug 23, 2020

Conversation

mikehardy
Copy link
Contributor

Thinking about integrating this but did a deep-dive on the issues first, seems like one of the biggies is solved now but not noted yet since it's new info, here's a maybe-useful edit?

@mikehardy
Copy link
Contributor Author

And looks like it needs to be changed in your workflow :-)


1s
##[error]Resource not accessible by integration
Run amannn/action-semantic-pull-request@master
[@octokit/rest] `const Octokit = require("@octokit/rest")` is deprecated. Use `const { Octokit } = require("@octokit/rest")` instead
[@octokit/rest] `const Octokit = require("@octokit/rest")` is deprecated. Use `const { Octokit } = require("@octokit/rest")` instead
##[error]Resource not accessible by integration

@mikehardy mikehardy mentioned this pull request Aug 21, 2020
Merged
amannn pushed a commit that referenced this pull request Aug 22, 2020
@mikehardy
fix: update workflow to use pull_request_target (#25)
73f02a4 
As noted here: https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/

With proposed doc PR in #24
@amannn
Copy link
Owner

amannn commented Aug 22, 2020

@mikehardy Would you like to rebase this on the latest master so we can try if the token works correctly?

@mikehardy
Copy link
Contributor Author

Sure - I used the web UI for the patch workflow, let me clone local rebase and push

@mikehardy
Copy link
Contributor Author

boom! 👍
Love it when things work

amannn
amannn reviewed Aug 23, 2020
View reviewed changes
Copy link
Owner

@amannn amannn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really cool! 🎉

README.md Outdated
@@ -4,6 +4,8 @@ This is a [Github Action](https://github.com/features/actions) that ensures that

This is helpful when you're using [semantic-release](https://github.com/semantic-release/semantic-release) with the Conventional Commits preset. When using the "Squash and merge" strategy, Github will suggest to use the PR title as the commit message. With this action you can validate that the PR title will lead to a correct commit message.

Note that if you have a fork-based workflow you will want to use [`pull_request_target`](https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/) in place of `pull_request` so the API token is valid for status reporting.
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense that we just use pull_request_target in the snippet below or is there any drawback to this?

If so, I guess we could move this section to the bottom of the README and re-word it to something like:

Note that the usage of pull_request_target as the event trigger is necessary for a fork-based workflow so the API token is valid for status reporting.

What do you think?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 good question. I think pull_request_target is probably the best. We're not comparing code so it's okay the code used for the check is from the branch point (which is how pull_request_target protects secrets etc). It's just the title.

I can't think of any drawback to having pull_request_target be the default, but without it this fails on fork-based workflows.

So I think pull_request_target is likely the best default yes

@mikehardy
docs(README): incorporate PR feedback
c144416 
Switch the actual default in the snippet instead of just explaining
Then move explanation for those curious to the bottom
@mikehardy
docs(README): remove unintended whitespace
1aa1123
@mikehardy
Copy link
Contributor Author

Okay @amannn I agree with both your suggestions and just implemented them. I was using the Web UI to do it quickly so now there are 3 commits where one would do but I assume you can squash :-).

@amannn
Copy link
Owner

amannn commented Aug 23, 2020

Perfect, thanks a lot for your help!

@amannn amannn merged commit 463097f into amannn:master Aug 23, 2020
@mikehardy mikehardy deleted the patch-1 branch August 23, 2020 16:27
@suzubara suzubara mentioned this pull request Mar 15, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amannn amannn amannn left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mikehardy @amannn