Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fail gracefully when run from fork #54

Open
rossjrw opened this issue May 20, 2023 · 3 comments
Open

Fail gracefully when run from fork #54

rossjrw opened this issue May 20, 2023 · 3 comments
Labels
enhancement New feature or request

Comments

@rossjrw
Copy link
Owner

rossjrw commented May 20, 2023

Running this action from a fork is not currently supported. Right now, behaviour when running from a fork is undefined; I don't remember exactly what happens, I think it just errors and tells you the action failed. It would be good to have some sort of non-fail (warning?) alert happen instead.
@rossjrw rossjrw added the enhancement New feature or request label May 20, 2023
@melMass
Copy link

melMass commented Aug 9, 2023

I was looking into this! This is why:

  1. The GITHUB_TOKEN has read-only access, so you can't push commits, add comments, or perform most other write actions.
  2. Secrets aren't available in runs on PRs from forks, which is a measure to prevent a malicious PR from exposing repository secrets.
  3. Some context values, like github.repository, are set to the context of the fork, not the base repository.

melMass added a commit to teia-community/teia-ui that referenced this issue Aug 9, 2023
@melMass
ci: ✨ check for forks
1e55377 
Explained here:
rossjrw/pr-preview-action#54
@unkcpz unkcpz mentioned this issue Oct 2, 2023
Closed
@rndquu rndquu mentioned this issue Mar 15, 2024
Closed
@b10n1k
Copy link

b10n1k commented Apr 9, 2024

So IIUC github action from forked cant work. or is there a workaround.
I get

Pushing changes… (attempt 1 of 3)
/usr/bin/git push --porcelain ***github.com/openSUSE/backlogger.git github-pages-deploy-action/4ebykzcsk:gh-pages
remote: Permission to openSUSE/backlogger.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/openSUSE/backlogger.git/': The requested URL returned error: 403
Changes committed to the gh-pages branch… 📦
Running post deployment cleanup jobs… 🗑️
/usr/bin/git checkout -B github-pages-deploy-action/4ebykzcsk
Reset branch 'github-pages-deploy-action/4ebykzcsk'
/usr/bin/chmod -R +rw github-pages-deploy-action-temp-deployment-folder
/usr/bin/git worktree remove github-pages-deploy-action-temp-deployment-folder --force
Completed deployment successfully! ✅
...
Error: Resource not accessible by integration

the workflow file looks like this:

---
name: Backlog Limits Checker
concurrency: preview-${{ github.ref }}
# yamllint disable-line rule:truthy
on:
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
      - closed
permissions:
  contents: write
  pull-requests: write
jobs:
  backlogger:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run the action implemented in this repo
        uses: ./
        with:
          config: queries.yaml
          redmine_api_key: ${{ secrets.REDMINE_API_KEY }}
      - uses: rossjrw/pr-preview-action@v1
        with:
          source-dir: gh-pages

@rossjrw
Copy link
Owner Author

rossjrw commented Apr 9, 2024

@b10n1k Yes, at this time this action does not officially support being run from forks - this is openly stated on the README. See #3 for more info. Workarounds do exist but there are security implications that you need to be aware of - there are very good reasons that this behaviour is blocked by default. See #6 for more info on that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@b10n1k @melMass @rossjrw