Not working with PR from fork
Closed this issue · 5 comments
tibdex/backport#33 recommends setting up this action job to work around the limitations of the GITHUB_TOKEN.
However, it seems like the same limitation applies to an app ID and client secret if it is injected via (organisation) secrets:
Secrets are not passed to workflows that are triggered by a pull request from a fork. Learn more.
So, how is this supposed to work exactly?
Here are 2 commits where I tried to set this up:
TYPO3-Documentation/TYPO3CMS-Reference-CoreApi@03f75bf
TYPO3-Documentation/TYPO3CMS-Reference-CoreApi@88b91e3
The current .github/workflows/backport.yml:
name: Backport
on:
pull_request:
types:
- closed
- labeled
jobs:
backport:
runs-on: ubuntu-18.04
name: Backport
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@v1
with:
app_id: ${{ secrets.BACKPORT_APP_ID }}
private_key: ${{ secrets.BACKPORT_APP_SECRET }}
- name: Backport
uses: tibdex/backport@v1
with:
github_token: ${{ steps.generate_token.outputs.token }}The BACKPORT_APP_ID and BACKPORT_APP_SECRET have been set in the organisation secrets.
The result: https://github.com/TYPO3-Documentation/TYPO3CMS-Reference-CoreApi/pull/1552/checks?check_run_id=3825926413
Run tibdex/github-app-token@v1
with:
Error: Error: Input required and not supplied: app_id
Same experience. APP_ID and APP_SECREt_KEY are set on the repo in the organization for me. If that helps at all.
@tibdex Exactly, that's what I wrote already. ;-)
So technically none of this is supposed to work for repositories which are updated by forks? Then this should be written clearly in https://github.com/tibdex/github-app-token and https://github.com/tibdex/backport.
The issue is not intrisinc to github-app-token. If you find a way to pass the app_id and private_key without relying on secrets it will work.