chore: do not run functional tests on pull-requests forks

These tests fail because they need the GITGUARDIAN_API_KEY variable, but it's not available for pull-requests coming from forks. Fixes GitGuardian#374
agateau-gg · Feb 22, 2023 · 0af41d3 · 0af41d3
1 parent f78e1b9
commit 0af41d3
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -11,6 +11,9 @@ on:
       - 'doc/**'
       - 'README.md'
 
+env:
+  IS_PR_FROM_FORK: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }}
+
 jobs:
   lint:
     name: Lint package
@@ -40,6 +43,17 @@ jobs:
       - name: Run pre-commit checks
         run: GITGUARDIAN_API_KEY=${{ secrets.GITGUARDIAN_API_KEY }} pre-commit run --show-diff-on-failure --all-files
 
+      - name: debug
+        run: echo "IS_PR_FROM_FORK=$IS_PR_FROM_FORK"
+
+      - name: debug2
+        if: env.IS_PR_FROM_FORK == 'true'
+        run: echo "I am a fork"
+
+      - name: debug3
+        if: env.IS_PR_FROM_FORK == 'false'
+        run: echo "I am not a fork"
+
   build:
     name: Build and Test
     runs-on: ${{ matrix.os }}
@@ -113,6 +127,10 @@ jobs:
           fail_ci_if_error: false
 
       - name: Run functional tests
+        # For security reasons, secrets are not available when running tests for a pull request from a fork. This causes
+        # all functional tests to fail because GITGUARDIAN_API_KEY is not defined. To avoid this, skip this step if we
+        # were triggered by a pull request from a fork.
+        if: env.IS_PR_FROM_FORK == 'false'
         shell: bash
         run: |
           make functest GITGUARDIAN_API_KEY=${{ secrets.GITGUARDIAN_API_KEY }} GITGUARDIAN_API_URL=${{ secrets.GITGUARDIAN_API_URL }}
@@ -159,6 +177,7 @@ jobs:
   test_github_secret_scan_action:
     name: Test GitHub action for `secret scan`
     runs-on: ubuntu-latest
+    if: ${{ !github.event.pull_request.head.repo.fork }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -178,6 +197,7 @@ jobs:
   test_github_iac_scan_action:
     name: Test GitHub action for `iac scan`
     runs-on: ubuntu-latest
+    if: ${{ !github.event.pull_request.head.repo.fork }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2