fix(ci): skip PR comment steps for fork PRs#499
Merged
superdav42 merged 1 commit intomainfrom Mar 26, 2026
Merged
Conversation
Fork PRs run with a restricted GITHUB_TOKEN that cannot write to the base repo's issues/PRs (GitHub security restriction). Both 'Build Plugin for Testing' and 'WP Performance Metrics' jobs were failing at the comment-on-PR step with HTTP 403 'Resource not accessible by integration'. Add `github.event.pull_request.head.repo.full_name == github.repository` guard to all PR comment steps so they are skipped for fork PRs. Build artifacts and performance results are still uploaded and accessible via the Actions run URL and workflow summary. Fixes CI failures on external contributor PRs (e.g. PR #491).
Contributor
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Performance Test Results Performance test results for 8b3f8c6 are in 🛎️! URL:
|
🔨 Build Complete - Ready for Testing!📦 Download Build Artifact (Recommended)Download the zip build, upload to WordPress and test:
🌐 Test in WordPress Playground (Very Experimental)Click the link below to instantly test this PR in your browser - no installation needed! Login credentials: |
superdav42
added a commit
to vuckro/multisite-ultimate
that referenced
this pull request
Mar 26, 2026
All CI checks passing. Fixes fork PR comment permission failures.
superdav42
added a commit
that referenced
this pull request
Mar 26, 2026
…+ fix admin fatal error + CI for fork PRs (#491) * fix(api): serialize Note and Limitations objects, add description to Site REST response The Note and Limitations classes were not implementing JsonSerializable, causing json_encode() to produce empty arrays instead of their actual data in REST API responses. Additionally, Site::to_array() was not calling get_description() which lazy-loads from wp_options. Changes: - Note: implement JsonSerializable, calling existing to_array() - Limitations: implement JsonSerializable, calling existing to_array() (complements the existing __serialize() used by PHP serialize()) - Site::to_array(): add description via get_description() Closes #490 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(api): load notes and limitations in Site::to_array() JsonSerializable alone is not sufficient — the properties must also be loaded before parent::to_array() serializes them. Add explicit calls to get_notes() and get_limitations() in Site::to_array(). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(admin): change add_fields_widget visibility from protected to public Site_Exporter::register_site_edit_widgets() calls $page->add_fields_widget() externally via the wu_edit_site_page_register_widgets hook, but the method was protected, causing a fatal error when the Site Exporter module is active. This also enables third-party extensions to add custom widgets to edit pages through the same hook pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(api): add to_array() override to Membership model for meta-stored fields Membership has two lazy-loaded properties (cancellation_reason, discount_code) that are fetched from the meta table only when their getter is called. Without this override, these fields return null in REST API responses. Follows the same pattern used by Site, Product, Customer, Payment, Email, Broadcast, and Checkout_Form models. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(ci): write placeholder when secrets are unavailable in fork PRs GitHub does not share repository secrets with workflows triggered by pull requests from forks. This caused encrypt-secrets.php to exit(1) and fail the build for all external contributions. Write a placeholder inc/stuff.php with empty values instead of crashing, so the CI pipeline completes. The plugin will function normally — just without addon API credentials in the test artifact. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(api): load billing_address and notes in Customer::to_array(), add JsonSerializable to Billing_Address Customer::to_array() was missing calls to get_billing_address() and get_notes(), causing both fields to return null in REST API responses even when data exists in the database. Billing_Address, like Note, has protected $attributes and a to_array() method but was not implementing JsonSerializable, so json_encode() could not access its data. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(ci): preserve existing inc/stuff.php, use stderr for warning Address CodeRabbit review: don't overwrite inc/stuff.php if it already exists with valid encrypted credentials. Only write the placeholder when the file is missing entirely. Use stderr for the warning message to keep stdout clean for build output. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(ci): skip PR comment steps for fork PRs (#499) All CI checks passing. Fixes fork PR comment permission failures. --------- Co-authored-by: Valentin Vuckovic <vucko@MacBookPro.lan> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: David Stone <david@nnucomputerwhiz.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the 'Build Plugin for Testing' and 'WP Performance Metrics' CI failures that affect all external contributor (fork) PRs, including #491.
Root Cause
GitHub restricts
GITHUB_TOKENwrite permissions for fork PRs — the token cannot write to the base repo's issues/PRs. Both failing jobs attempted to post PR comments using this token, resulting in HTTP 403Resource not accessible by integration.This is a standard GitHub security restriction: fork PRs run with a read-only token to prevent untrusted code from writing to the base repo.
Fix
Added
github.event.pull_request.head.repo.full_name == github.repositorycondition to all PR comment steps in both workflows. This skips the comment steps for fork PRs while keeping them active for PRs from the same repo.pr-build-test.yml: Comment on PR step now skipped for forkstests.yml: Both "Check if a comment was already made" and "Comment on PR with performance results" steps now skipped for forksBuild artifacts and performance results are still uploaded as GitHub Actions artifacts and shown in the workflow summary — they're just not posted as PR comments for fork PRs.
Impact
Unblocks PR #491 and all future external contributor PRs.