New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Skip signing if key pass isn't available #377
Skip signing if key pass isn't available #377
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think build's should build for PRs. This is useful for internal development (although whether the developer uses this workflow or not is up to them) to confirm that CI works before a release is tagged. If your builds only run on tagged releases chances are your releases will be broken the first time around when it comes time for them.
Also GitHub has some plumbing to block CI runs on PRs for first time contributors, and for returning contributors having builds in place serves a purpose.
I suggest instead fixing the builds so the signing step is optional and only runs when the source repo is this repo and run everything else as normal.
Reasonable, but it does depend on developer workflow, and that hasn't been established yet.
That plumbing is already enabled for this repo, but because environment secrets don't get passed it leads to breakage when secrets are involved.
That's my favorite solution, ...and I just figured out how to do that, revising PR |
b460da9
to
988c2c8
Compare
988c2c8
to
b1a68cf
Compare
aa55da5
to
64a4857
Compare
64a4857
to
ae5dd6a
Compare
See https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#pull-request-events-for-forked-repositories With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository.
ae5dd6a
to
65b3620
Compare
Thank you! |
Environmental secrets are not shared to workflows run from forks without extra work by Maintainers.
The existing build workflow uses a secret to sign windows exe's and is breaking for all external PRs.
See: #353 (comment)