Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Project Management Automation: Avoid milestone task for forks #20049
The milestone Action currently generate errors for merged pull requests originating from a fork repository:
The milestone task was originally omitted from the conditional runs implemented in #20021 based on the incorrect assumption the merge event would be considered with higher permissions, even if the pull request being merged originated from a fork. This is clearly not the case, and it seems all
Understandably, this diminishes the value of this automation, as we can't rely that the milestone will have been applied.
Separately, there might be alternatives to explore here, where the event is handled in response to the commit as it ends up being pushed to master. In other words, some combination of:
If it happens in response to the
There's a note there about custom tokens as secrets. Based on the reasons these permissions are read-only in the first place (limiting what can be done from forks), I'm not entirely sure about how secure this would be.
epiqueras left a comment
GitHub is aware of this limitation and working on an alternative. Let's do this for now:
@aduth Do you want to tackle it, or should I?