Preview Action: Use pull_request_target to avoid token restriction #169
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Due to restrictions imposed to the `GH_TOKEN` when forks are created
from forks when workflows are triggered by the pull_request event, I'm
switching the execution to be done on `pull_request_trigger`, which
lifts said restrictions.
Docs: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
> This event runs in the context of the base of the pull request, rather
than in the context of the merge commit, as the pull_request event does.
This prevents execution of unsafe code from the head of the pull request
that could alter your repository or steal any secrets you use in your
workflow. This event allows your workflow to do things like label or
comment on pull requests from forks. Avoid using this event if you need
to build or run code from the pull request.
fix fetch
vcanales
force-pushed
the
preview-action/use-pull-request-target
branch
from
5867676
to
42aea1f
Compare
MaggieCabrera
approved these changes
Apr 26, 2024
Correct, but I've tested and confirmed it works as expected over at Automattic/themes |
|
Sample PR from a fork tested after the fix was merged: Automattic/themes#7721 |
|
I believe you, thanks! Merging |
MaggieCabrera
pushed a commit
that referenced
this pull request
Apr 29, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Due to restrictions imposed to the
GH_TOKENwhen forks are created from forks when workflows are triggered by thepull_requestevent, I'm switching the execution to be done onpull_request_trigger, which lifts said restrictions.Docs: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target