Run Danger on pull requests to danger/danger GitHub repo #1382
mathroule wants to merge 8 commits
3e96d06 to d61fe98
| TOKEN+='79960c12a1e067f2ec' | ||
| DANGER_GITHUB_API_TOKEN=$TOKEN RUNNING_IN_ACTIONS=true echo 'bundle exec danger --verbose' | ||
| env: | ||
| DANGER_GITHUB_API_TOKEN: 7469b4e94ce21b43e3ab7a79960c12a1e067f2ec # FIXME Store it in GitHub Actions secrets |
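Review bot: the `DANGER_GITHUB_API_TOKEN:` entry under `env:` holds the complete token as a plain literal, and its FIXME defers the fix to later; the value is readable by anyone who can read the workflow file, so resolve the FIXME before merge rather than after. Also check the run line as shown: `echo 'bundle exec danger --verbose'` only prints the command, so the `DANGER_GITHUB_API_TOKEN=$TOKEN RUNNING_IN_ACTIONS=true` prefix applies to `echo` and Danger itself is not executed.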
@orta do you think a new GitHub API token can be generated and added as GitHub Actions secret for https://github.com/danger-public?
Afraid not, needs to be in the code like above, secrets won't work here because it only runs on branch PRs and not forks
Ah, you probably broke the old token by putting it in a single string too, will need to find the password for that account
The token is not authorized anymore; if my change deauthorized the token, sorry about that.
Indeed, storing it in GitHub Actions secrets will make it not available for fork PRs, but I'm not sure splitting the token in 2 parts is the best workaround to use in terms of security.
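The concern in the comment above, that a token split across two shell assignments is still a token in the repository, can be checked mechanically. The following is an added example, not code from this PR or from the Danger project: a small scanner that rejoins `NAME='..'` / `NAME+='..'` fragments in workflow text and flags values shaped like a GitHub token. The name `find_tokens`, the token patterns chosen, and the sample workflow with its token values are assumptions constructed for illustration.

```python
import re

# Shell assignment inside a workflow `run:` block: NAME='v' or NAME+='v'
ASSIGN = re.compile(r"""^\s*([A-Za-z_]\w*)(\+?)=(['"])([^'"]*)\3\s*$""")
# Literal YAML value such as `NAME: value`; `${{ ... }}` expressions are skipped
YAML_KV = re.compile(r"^\s*([A-Z_][A-Z0-9_]*):\s*([^\s#$]+)")
# Assumption: legacy 40-hex tokens or the newer prefixed token formats
TOKEN = re.compile(r"^(?:[0-9a-f]{40}|gh[pousr]_[A-Za-z0-9]{36,})$")


def find_tokens(text):
    """Return sorted (line_no, name) pairs whose value looks like a token.

    Fragments appended with NAME+='..' are joined before matching, so a
    token split over several assignments is reported on the line where
    the joined value becomes complete.
    """
    values, hits = {}, set()
    for no, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            name, plus, _quote, val = m.groups()
            values[name] = (values.get(name, "") if plus else "") + val
            if TOKEN.match(values[name]):
                hits.add((no, name))
            continue
        m = YAML_KV.match(line)
        if m and TOKEN.match(m.group(2)):
            hits.add((no, m.group(1)))
    return sorted(hits)


# Constructed sample workflow; the hex strings are made-up placeholders.
SAMPLE = """\
jobs:
  danger:
    steps:
      - run: |
          TOKEN='0123456789abcdef012345'
          TOKEN+='6789abcdef01234567'
          DANGER_GITHUB_API_TOKEN=$TOKEN bundle exec danger --verbose
      - env:
          DANGER_GITHUB_API_TOKEN: 89abcdef0123456789abcdef0123456789abcdef
      - env:
          DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""

if __name__ == "__main__":
    for line_no, name in find_tokens(SAMPLE):
        print(f"line {line_no}: {name} holds a token-shaped literal")
```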
Actually, GitHub advises solving the problem differently: https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows.
I'll test that in this PR.
Unfortunately, using pull_request_target or workflow_run triggers will not work out of the box. Indeed, the workflow will be executed in the context of the base branch, not of the head branch / PR context.
Using env var this way works, but it will not work for forked pull requests:

```yaml
env:
  DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
5e74c2b to 8e36bbb
64d57e8 to 87b0310
8f9ed85 to 88d16c8
| TOKEN+='79960c12a1e067f2ec' | ||
| DANGER_GITHUB_API_TOKEN=$TOKEN RUNNING_IN_ACTIONS=true echo 'bundle exec danger --verbose' | ||
| env: | ||
| DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
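Review bot: the `TOKEN+=` fragment and the inline `DANGER_GITHUB_API_TOKEN=$TOKEN` prefix on the run line sit alongside the `env:` entry; if they remain in the workflow, the inline assignment overrides the `env:` value for that command and the token fragments stay in the file. Drop the `TOKEN` lines and the inline prefix so the step reads the token only from `env:`, and add a comment stating how the job is expected to behave on pull requests from forks.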
Secrets cannot be accessed by forked PRs, so this change isn't doing what you want it to do, I think
Run Danger on pull requests to danger/danger GitHub repository.