Currently this action is not usable for PRs from forks because secrets are not available in this case – and you currently enforce a login to Docker Hub.

The recommended solution (see Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests) is to split this up in two parts. For this action this probably would mean:

Work without credentials for PRs from forks in `on pull_request`:
- Build the image with `outputs: type=oci,dest=image.tar`
- Upload the PR number and the image tarball as artifacts

In `on workflow_run`:
- Download the artifacts
- Log in to Docker Hub
- Run docker/scout-action with `image: archive://image.tar` and give the PR number as an option

Actually, most of this should be doable today already. But I don't see how the action gets the correct PR to comment on in this case. This probably will need a new config to pass the PR number.

(Of course it would be a lot easier if the Scout service had a different way to authenticate. Maybe via the "Docker Inc" GitHub app?)
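The two-workflow split described in the issue, written out as an added example (this is not code from the issue author or from docker/scout-action). It assumes docker/build-push-action@v5, actions/upload-artifact@v4, actions/download-artifact@v4 (which accepts `run-id` and `github-token` for cross-run downloads), docker/login-action@v3 and docker/scout-action@v1; the `pr-number` input on the scout step is the hypothetical new option the issue asks for and does not exist today. The `archive://` image reference is the one the issue names. The validation step before any secret is used is the check the linked pwn-request article recommends: the artifact comes from an untrusted fork, so the PR number in it is only trusted after confirming the PR's head SHA matches the run that produced the artifact.

```yaml
# .github/workflows/pr-build.yml
# Runs in the fork's pull_request context: no secrets, no Docker Hub login.
name: pr-build
on:
  pull_request:

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - name: Build the image into an OCI tarball instead of pushing it
        uses: docker/build-push-action@v5
        with:
          context: .
          outputs: type=oci,dest=/tmp/image.tar
      - name: Store the PR number next to the tarball
        run: echo "${{ github.event.pull_request.number }}" > /tmp/pr_number
      - uses: actions/upload-artifact@v4
        with:
          name: pr-image
          path: |
            /tmp/image.tar
            /tmp/pr_number
---
# .github/workflows/scout.yml
# Runs in the base repository's workflow_run context: secrets are available.
name: scout
on:
  workflow_run:
    workflows: ["pr-build"]
    types: [completed]

permissions:
  contents: read
  pull-requests: write

jobs:
  scan:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: pr-image
          path: .
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Validate the untrusted PR number before using any secret
        id: pr
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          pr="$(tr -d '[:space:]' < pr_number)"
          # digits only: the file is attacker-controlled
          case "$pr" in ''|*[!0-9]*) echo "invalid PR number"; exit 1;; esac
          # the PR must be the one whose head produced this workflow_run
          sha="$(gh api "repos/${GITHUB_REPOSITORY}/pulls/${pr}" --jq .head.sha)"
          [ "$sha" = "$HEAD_SHA" ] || { echo "PR ${pr} does not match run head"; exit 1; }
          echo "number=$pr" >> "$GITHUB_OUTPUT"
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PAT }}
      - name: Scan the tarball with Docker Scout and comment on the PR
        uses: docker/scout-action@v1
        with:
          command: cves
          image: archive://image.tar
          only-severities: critical,high
          only-fixed: true
          write-comment: true
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # hypothetical input (assumption): the new option the issue proposes
          # so the action can target the originating PR from a workflow_run
          pr-number: ${{ steps.pr.outputs.number }}
```

The `workflow_run` job never checks out or executes anything from the fork; it only reads two files out of the artifact, and the tarball is handed to the scanner as data. Until an input such as `pr-number` exists, `write-comment` has no PR to target from a `workflow_run` event, which is the gap the issue describes.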