New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Token-free upload for public repositories #11
Comments
Yes please, it's especially important to get coverage for PRs from forks. Azure Pipelines has a workaround to "Make secrets available to builds of forks", but GitHub Actions not: I guess the workaround for GitHub Actions is to just put the token as plaintext. As that link says, "However, the token is worthless for anything except uploading coverage and it’s easy to see when someone does it." |
Same problem with Github Actions. |
We're currently actively working to support tokenless upload from azure pipelines. However, this feature in general is strongly driven by what's available in public rest apis from the CI providers we integrate with. AFAIK there is no GitHub actions API we can leverage to support tokenless upload for GitHub actions. When that happens, we will work to get tokenless upload for GitHub actions supported. Closing now since we cannot do anything about this issue until an api is available. |
I suggest posting a request in https://github.community/t5/GitHub-Actions/bd-p/actions detailing what sort of API is needed. Actions is in beta and they're taking a look at another request I posted. Thanks! |
@hootener as a temporary solution could it use a standard
|
Are there plans to support commit-status-based uploads like on other CI providers?
Besides UX improvements, the recommended way of storing token as a secret doesn't seem to work on pull requests originating from forks, because secrets aren't available there.
The text was updated successfully, but these errors were encountered: