-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for pull_request_target #200
Comments
@PatrickHeneise, good catch – thanks! I'll take care of this over the weekend. |
@PatrickHeneise, #201 adds support for The existing - uses: actions/checkout@v2
with:
ref: ${{ github.head_ref }} and pushed via:
which won't work for forked repositories. I'm still determining the best way to support all contexts; let me know if you have any thoughts in the meantime. |
Well, I spent some more time with this today with no luck. See actions/checkout#455 (comment) for some context, but this might take some time to sort out – or it might not be possible to support. |
Thanks a lot for looking into this so quickly! Have you tried |
Yeah, I did add support for this. It checkouts the pull request HEAD commit (instead of the default merge commit), which is necessary for |
Ah, ok. Yeah, the permission stuff is definitely confusing with Actions :( I'll try a few things too, see if we can solve this. |
@PatrickHeneise, I've since stumbled across this blog post which gives a pretty good overview of why some of these constraints are in place to mitigate security issues. I've tried a few more things, most recently triggering the The only other idea I have at the moment involves leveraging the
I would think (1) could happen with core actions, but I could possibly add a mode to Let me know if you think that latter idea would even be worth pursuing... |
I've worked with Definitely trickier than anticipated, and I feel this is an issue GitHub should address, as this is common practice to open a PR from a fork. |
Closing this for now. There seems to be some development at GitHub to solve the permission issue. |
This action fails with
Error: Unsupported event pull_request_target (currently supported events include push, pull_request)
pull_request_target
is a new event type that allows access to the repository secrets (TINIFY_API_KEY
) when the pull request is coming from a fork.Maybe remove the event check all together and allow events like
workflow_dispatch
as well? GitHub Actions changes frequently.For more information, see https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/#improvements-for-public-repository-forks
The text was updated successfully, but these errors were encountered: