Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC fails for pull request from forks #634

Open
omus opened this issue Jun 7, 2023 · 2 comments
Open

OIDC fails for pull request from forks #634

omus opened this issue Jun 7, 2023 · 2 comments

Comments

@omus
Copy link
Member

omus commented Jun 7, 2023
edited
Loading

Issue was noticed in #633 as this error when assuming the CI AWS role:

Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers

The issue is that we require id-token: write for OIDC auth but forks are restricted to read. There exists an option to address this for private repos but not for public repos.

Other somewhat useful links found while looking into this:

Introduced in #627
@omus omus changed the title OIDC fails for pull request from fork OIDC fails for pull request from forks Jun 7, 2023
@omus
Copy link
Member Author

omus commented Jun 7, 2023
edited
Loading

I only noticed this issue after we stopped using bors so it's possible that bors didn't have this problem with OIDC. We're still using bors on AWSS3.jl with OIDC so we can verify this once a non-member creates a PR there.

@iamed2
Copy link
Member

iamed2 commented Jun 7, 2023

A possible alternative: https://github.com/imjohnbo/ok-to-test

@ararslan ararslan mentioned this issue Feb 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@omus @iamed2