-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run preview.yaml without secret key #38
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, did you try it out? Why draft? I would be ok to just merge to actually try it out if there is no better way to test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With this change this workflow will now be called from the main branch and only test the code from the main branch, so it's pointless this way.
The new code from the PR has to be checked out manually.
9655d25
to
9ba2775
Compare
i removed the branch, so it should run for every push. |
.github/workflows/backlogger.yaml
Outdated
@@ -3,7 +3,6 @@ name: Backlog Limits Checker Preview | |||
# yamllint disable-line rule:truthy | |||
on: | |||
push: | |||
branches: ['main'] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to stay there. We only want to deploy for commits on the main branch.
What I mean is:
Since we decided that we want to run unsafe code from the PR explicitly, we need to check out that branch. |
9ba2775
to
9035450
Compare
I think i got it but i am struggled to understand some concepts with pull_request_target and what it takes to checkout the PR and run against it. @perlpunk please check again 883aa24 |
To avoid the use of secret variable in CI which breaks the pr-preview-action when it runs from forked repo, the preview.yaml is updated to use pull_request_target event instead of pull_request. Permissions are removed as the GITHUB_TOKEN is granted read/write repository permission by default for that event. https://progress.opensuse.org/issues/158236 Signed-off-by: ybonatakis <[email protected]>
9035450
to
883aa24
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a not-critical project so I would simply have that quickly merged and see what happens
#40 is not doing what's expected. |
To avoid the use of secret variable in CI which breaks the pr-preview-action when it runs from forked repo, the preview.yaml is updated to use pull_request_target event instead of pull_request. Permissions are removed as the GITHUB_TOKEN is granted read/write repository permission by default for that event.
https://progress.opensuse.org/issues/158236