CI fails for pull requests from forks #374
Labels
type:infra
Issues with our CI setup, packaging, or process
Comments
agateau-gg
added
type:bug
|
Maybe the solution is to do something like this: https://github.com/marketplace/actions/test-reporter#recommended-setup-for-public-repositories |
agateau-gg
added
type:infra
agateau-gg
added a commit
to agateau-gg/ggshield
that referenced
this issue
Feb 22, 2023
These tests fail because they need the GITGUARDIAN_API_KEY variable, but it's not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg
added a commit
to agateau-gg/ggshield
that referenced
this issue
Feb 22, 2023
These tests fail because they need the GITGUARDIAN_API_KEY variable, but it's not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg
added a commit
to agateau-gg/ggshield
that referenced
this issue
Feb 22, 2023
These tests fail because they need the GITGUARDIAN_API_KEY variable, but it's not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg
added a commit
to agateau-gg/ggshield
that referenced
this issue
Feb 22, 2023
These tests fail because they need the GITGUARDIAN_API_KEY variable, but it's not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg
added a commit
to agateau-gg/ggshield
that referenced
this issue
Feb 22, 2023
These tests fail because they need the GITGUARDIAN_API_KEY variable, but it's not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg
added a commit
to agateau-gg/ggshield
that referenced
this issue
Feb 22, 2023
These tests fail because they need the GITGUARDIAN_API_KEY variable, but it's not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg
added a commit
to agateau-gg/ggshield
that referenced
this issue
Feb 22, 2023
These tests fail because they need the GITGUARDIAN_API_KEY variable, but it's not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg
added a commit
to agateau-gg/ggshield
that referenced
this issue
Feb 22, 2023
These tests fail because they need the GITGUARDIAN_API_KEY variable, but it's not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg
added a commit
to agateau-gg/ggshield
that referenced
this issue
Feb 22, 2023
Do not run steps which require the GITGUARDIAN_API_KEY variable. These steps always fail because the variable is not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg
added a commit
that referenced
this issue
Feb 22, 2023
Do not run steps which require the GITGUARDIAN_API_KEY variable. These steps always fail because the variable is not available for pull-requests coming from forks. Fixes #374
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
When a pull request is opened from a fork, the CI fails because it cannot access the
GITGUARDIAN_API_KEYsecret required to run functional tests. This is caused by a security feature on GitHub actions: pull requests across forks cannot access secrets, neither secrets from the source repository nor from the target repository.Definition of done
pull_request_targetevent instead of thepull_requestone would give access to the secrets because in this case the scripts run in the context of the target repository. Running untrusted code from this event is however a security issue, sopull_request_targetcannot be used as a direct replacement forpull_request: the submitted code needs to be manually reviewed before triggering the run.GITGUARDIAN_API_KEYis set or not: we want the tests to fail for a CI run on pushes and on pull-requests from branches within the repository.The text was updated successfully, but these errors were encountered: