Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support public repo PR workflow #56

Merged
merged 21 commits into from
Feb 20, 2021
Merged

Support public repo PR workflow #56

merged 21 commits into from
Feb 20, 2021

Conversation

dorny
Copy link
Owner

@dorny dorny commented Feb 15, 2021
edited
Loading

Creating check runs requires access token with write permission.
This is usually not an issue with default ${{ github.token }}.
However this default token lacks write permission when workflow is triggered by PR from forked repo.
It's a security restriction - otherwise it would be possible to get access token to any public repo by simply forking it and creating PR.

There are two workarounds to this problem:

pull_request_target runs in the context of the base of the PR and has write access. It can process event payload in some way. However we need test results from code in target branch and there's no way how to get it.

workflow_run runs in the context of repo default branch and can be triggered when some other workflow is completed.

Therefore our solution is to use two separate workflows:

  1. Workflow is triggered by pull_request event. Tests are executed and results are uploaded as artifacts
  2. workflow_run is triggered afterwards, it downloads artifact with test results and creates test reports

This PR adds support for this workflow.
In this case it's also required to get list of files in target branch using GitHub APIs instead of relying on local clone of repo.

@dorny
Add support for loading test results from artifacts
3510d9a
@dorny
Add artifact input to action.yml + improve logging
075144b
@dorny
Fix regex parsing in artifact-provider
064a15c
@dorny
Fix artifact download
1f5bb98
@dorny
Use got to fetch artifact URL
52024f7 
See issue: octokit/request.js#240
@dorny
Pass auth token to got request
8819b4b
@dorny
Show artifact download progress
da9cc2c
@dorny
artifact-provider: improve logging
1ae86a1
@dorny
Removed progress percentage as there is no way to deduce content length
e356ffe
@dorny
Fix artifact-provider zip processing and report name generation
89f214d
@dorny
Extend CI to test artifact mode
323e750
@dorny
Remove continue-on-error: true from CI + add checkout on second job
e31d426
@dorny
Improve logging
09d1ac9
@dorny
Improve logging
c5671cf
@dorny
Improve logging & fix wrong SHA used
96237b3
@dorny
Misc fixes + test sleep before artifact-test
93c3964
@dorny
Fail the action if no test results are processed
8efb156
@dorny
Remove artifact-test from CI
3340176 
Artifacts via public API are not available before whole workflow is finished. Therefore it's not possible to execute test this way
@dorny
Update README
577cc33
@dorny
Fail the action if triggering workflow run has been cancelled
4e1eb73
@dorny dorny changed the title WIP: Support public repo PR workflow Support public repo PR workflow Feb 20, 2021
@dorny dorny added the enhancement New feature or request label Feb 20, 2021
@dorny dorny merged commit 603e845 into main Feb 20, 2021
@dorny dorny deleted the artifacts-support branch February 20, 2021 13:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@dorny