From 37a448ccf50474f34523d12db3505755588da35d Mon Sep 17 00:00:00 2001
From: Roman Mohr <rmohr@redhat.com>
Date: Wed, 15 Dec 2021 12:02:29 +0100
Subject: [PATCH] Make secrets for third-party PRs available

If a PR gets labeled with `ok-to-test` the integration test job is
triggered and this github action has access to secrets.

The github action does for security resaons not allow secrets on all
PRs, so we add this extra step.

Still, the action itself, while using a secret, does not have any
interaction points with users. The PR content is actually not even
checked out.

Signed-off-by: Roman Mohr <rmohr@redhat.com>
---
 .github/workflows/e2e.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 08dcdc04a..c34471d7f 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -1,8 +1,11 @@
-on: [pull_request]
+on:
+  pull_request_target:
+    types: [labeled]
 name: e2e
 jobs:
-  docker:
+  integration:
     runs-on: ubuntu-latest
+    if: contains(github.event.pull_request.labels.*.name, 'ok-to-test')
     steps:
       - name: Checkout code
         uses: actions/checkout@v2