Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Workflow Runs #281

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Support Workflow Runs #281

wants to merge 4 commits into from

Conversation

techman83
Copy link

Due to security issues running untrusted checkouts from forks, access to things like secrets and tokens are blocked. It is possible to allow this, but it is not wise, and the recommended process is to use a workflow run call. This will add support for workflow_run based pull requests, allowing PRs to be commented upon, regardless of whether they are a fork or from a local branch.

@techman83 techman83 mentioned this pull request Mar 14, 2024
Closed
@techman83 techman83 force-pushed the feat/workflow_run branch 2 times, most recently from 5c49ace to 25a35ae Compare March 14, 2024 05:21
@techman83 techman83 mentioned this pull request Mar 23, 2024
Merged
@orgoro orgoro mentioned this pull request Mar 29, 2024
Closed
@techman83
Copy link
Author

I feel like the test for this may suffer from the same problem as this one solves 🙂

HttpError: Resource not accessible by integration
    at /home/runner/work/coverage/coverage/webpack:/typescript-action/node_modules/@octokit/request/dist-node/index.js:86:1
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

@techman83
Copy link
Author

I've split the workflows in the same manner as my PR recommends in terms of usage. It is notable that for this PR, coverage won't run, as the workflow needs to be in the default branch before it will become an action that can be triggered.

@techman83
Copy link
Author

@orgoro anything extra required for merge? I've been using my fork in my own workflows for a while now 🙂

@tdstein
Copy link

tdstein commented Jun 3, 2024

@techman83 - thanks for putting this together. I tried it out but ran into an error: https://github.com/posit-dev/posit-sdk-py/actions/runs/9353058789

It looks like the 'base' variable is undefined, which I believe stems from here: https://github.com/orgoro/coverage/pull/281/files#diff-a2a171449d862fe29692ce031981047d7ab755ae7f84c707aef80701b3ea0c80R19

I tried to determine the shape of context.payload.workflow_run.pull_requests[0] but couldn't figure it out.

Any thoughts or advice is appreciated. Thanks!

@techman83
Copy link
Author

@tdstein I'm not really sure, it has been working pretty reliably for most of my testing

The payload is what is in the github context, so being a workflow run, in here should be where it's at.
https://github.com/orgoro/coverage/pull/281/files#diff-a2a171449d862fe29692ce031981047d7ab755ae7f84c707aef80701b3ea0c80R23

Would need a sample of the github to get a better idea. Which you can dump using echo

    - run: echo "${{ toJson(github) }}"

It would be nice if actions/core had a workflow type that could be consumed, but that extended well beyond my available time for such things 🙂

@techman83
feat: Support workflow_run pull requests
42fbc27 
Due to security issues running untrusted checkouts from forks, access to things
like secrets and tokens are blocked. It is possible to allow this, but it is
not wise, and the recommended process is to use a workflow run call. This will
add support for workflow_run based pull requests, allowing PRs to be commented
upon, regardless of whether they are a fork or from a local branch.

fixes orgoro#259
@techman83
build: Dist file updates
99dd79f
@techman83
ci: Bump Actions to V4
6ff04fc
@techman83
ci: Split workflows
67c99eb 
Cover workflow fails for the same reason as this PR is attempting to
resolve. Splitting them in the same manner.
@techman83
Copy link
Author

Rebased off current main 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orgoro orgoro orgoro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@techman83 @tdstein @orgoro