Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improper handling of fork CLA checks #6

Closed
cliffchapmanrbx opened this issue Jun 12, 2020 · 0 comments · Fixed by #7 or #8
Closed

Improper handling of fork CLA checks #6

cliffchapmanrbx opened this issue Jun 12, 2020 · 0 comments · Fixed by #7 or #8
Labels
bug Something isn't working

Comments

@cliffchapmanrbx
Copy link
Contributor

Describe the bug

When opening a fork-based PR the secret value for the remote repo PAT is not supplied for security reasons. This causes an error as that input is marked as required and it is blank.

To Reproduce

Open a PR from a fork.

Suggested fix:

Add a unit test for this situation as it should be handled gracefully. The remote repo should be anonymous-readable so that the PAT is not mandatory for read operations.

On the other hand, if we attempt to write to a remote repo while we lack a remote repo PAT we should fail.
@cliffchapmanrbx cliffchapmanrbx added the bug Something isn't working label Jun 12, 2020
@cliffchapmanrbx cliffchapmanrbx mentioned this issue Jun 12, 2020
Merged
@cliffchapmanrbx cliffchapmanrbx mentioned this issue Jun 12, 2020
Merged
@cliffchapmanrbx cliffchapmanrbx linked a pull request Jun 12, 2020 that will close this issue
Add readonly token catch to comment write #8
Merged
Gudahtt added a commit to Gudahtt/cla-signature-bot that referenced this issue Aug 25, 2020
@Gudahtt
Switch to pull_request_target
7cb6999 
The event `pull_request_target` is now used to trigger this workflow,
instead of `pull_request`. This ensures the workflow can run properly
on forks (related: Roblox#6).

You can read more about this new event here:
https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/
@Gudahtt Gudahtt mentioned this issue Aug 25, 2020
Open
Gudahtt added a commit to Gudahtt/cla-signature-bot that referenced this issue Aug 25, 2020
@Gudahtt
Switch to pull_request_target
77bdcc5 
The event `pull_request_target` is now used to trigger this workflow,
instead of `pull_request`. This ensures the workflow can run properly
on forks (related: Roblox#6).

You can read more about this new event here:
https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
1 participant
@cliffchapmanrbx