Fix workflows for PRs coming from forked repositories #154
Conversation
The step was called "... on Failure". Since this step has been changed in the past to always run, regardless of failure it makes sense to remove the "on Failure" part.
remcowesterhoud
force-pushed
the
148-forked-pr-workflow
branch
from
9c81677
to
ec37a37
Compare
Publishing unit test results the way we did does not work when we get a PR from a forked repo (eg. dependabot). This is because forked repositories run with a read-only GITHUB_TOKEN. We can circumvent this problem by publishing the test results in a separate workflow. This workflow gets triggered upon completion of the workflow that is triggered by the forked PR. The second workflow will have the right to write, thus is able to publish the test results. The first workflow has to upload its event file as an artifact for the second workflow to be able to publish the results. For more info see: https://github.com/EnricoMi/publish-unit-test-result-action#support-fork-repositories-and-dependabot-branches
remcowesterhoud
force-pushed
the
148-forked-pr-workflow
branch
from
ec37a37
to
d9684c9
Compare
|
@korthout I'd love a review from you here. I wanted to test this works but I don't think there is a way to do this without this being merged first (if you know one please enlighten me 🧠). I am confident it will work though, since this solution is copied straight from the docs 😄 |
There was a problem hiding this comment.
Normally, this would be resolved by changing the context in which the workflow is run, i.e. changing pull_request into pull_request_target, but the docs explicitly mention that this is dangerous for this action (referring to this article).
In any case, the recommended solution (although a bit more verbose), looks like it would resolve the problem. So LGTM 🦕
I'm not sure about testing it. Seems this workflow is run on any pull request event. Perhaps give the PR a label and see if that runs the workfow(s).
Description
PRs from forked repositories would always fail because the workflow is unable to publish the unit test results. This is because the
GITHUB_TOKENin these workflows have read-only right.By putting the publishing of these results in a separate workflow we can work around these access rights. This workflow gets triggered upon completion of the first workflow and downloads the artifacts uploaded in the first workflow. This allows it to publish them without problem.
See: https://github.com/EnricoMi/publish-unit-test-result-action#support-fork-repositories-and-dependabot-branches
Related issues
closes #148
Definition of Done
Not all items need to be done depending on the issue and the pull request.
Code changes:
Testing:
Documentation: