CodelyTV/pr-size-labeler

Question: Does this action work with pull requests from forks?

alexearnshaw opened this issue ยท 5 comments

Hi, I'm looking for an app or action to label pull requests with a size based on LOC. This action looks perfect, but another similar action I tried did not work on PRs created from forks (which is the majority of PRs in our project). Can you confirm if this action will work on PRs from forks?

It works! But if it's a fork you need to do some changes.

I'll change the README to reflect it (I'll close this issue when this is done). But for now:

If it's a fork you can't use the secrets.GITHUB_TOKEN because this belongs only to your project, so a fork won't have access to it.
To be able to use it, you should create a custom token from a user of your organization (usually you create a "bot" user for it, like ours) and then add this token to your repository secrets (usually with a GITHUB_BOT_TOKEN name or similar).

So, instead of having something like:

steps:
    - uses: codelytv/pr-size-labeler@v1
      with:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

You'll have:

steps:
    - uses: codelytv/pr-size-labeler@v1
      with:
        GITHUB_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }}

If you don't want to create a new user you can create a personal token from any member of your organization. But then on every pull request, when autolabeled, instead of "github-bot have added some label" you'll have "This user has added some label".

I guess it's the same problem you have with other Actions, the solution it's the same for everyone. ๐Ÿ˜Š

Thanks so much @rgomezcasas I'll give that a try!

@rgomezcasas I'm hoping you can help me a little more. I've followed the instructions above and this action is now working for PRs created from branches of the repo (see the PR where I added it where it was correctly labeled)
However, it's not working correctly for a PR from a fork - see 2 examples here https://github.com/Axway/axway-open-docs/pull/612 and https://github.com/Axway/axway-open-docs/pull/610)

This is the output of the action:
image

The bot user I created docsbuilder has write access to our repo and the token I created for this user has been granted all scopes. Am I missing something?

@alexearnshaw @rgomezcasas I don't suppose anyone found any workaround or alternative for this to work from PRs from forks? Exactly the scenario I was hoping to cover.

I resolved this by using pull_request_target as the target, since that GITHUB_TOKEN has read and write permissions ๐Ÿ‘๐Ÿป

https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target