A simple proxy for PR comments. Works well with add-pr-comment. Workaround for GitHub making all token permissions read-only when a fork is submitted for a PR. See this discussion for more detail.
Requirements
- A personal access token with the
repo:public_reposscope if you're using this to support a public repo. Your use-case might require other scopes.
Run on Cloud Run
This app is a thin Node.js proxy around the create an issue comment GitHub endpoint that allows you to send requests with a GitHub Action's temporary token and create issue comments. It verifies that your request has a valid temporary token, but it's difficult to ensure any more than that. A shared secret cannot be used as GitHub will strip it when the fork's Actions run.