Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PR against fork #143

Closed
jderusse opened this issue Mar 27, 2020 · 5 comments · Fixed by #144
Closed

PR against fork #143

jderusse opened this issue Mar 27, 2020 · 5 comments · Fixed by #144

Comments

@jderusse
Copy link
Contributor

This issue is not identical to #71

The purpose is to run the Action in the main repo. But use SSH to push code in a fork.

Why:

  • least privilege: the SSH key does not grant access to the main repo, but just to a fork
    - name: Set up SSH
      uses: webfactory/ssh-agent@v0.2.0
      with:
        ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

    - name: Checkout via SSH
      run: |
        git clone --branch master git@github.com:${{ github.repository }}.git .
        git remote set-url origin git@github.com:fork/fork.git .

    - name: Task
      run: |
        touch foo
   
    - name: Create Pull Request
      uses: peter-evans/create-pull-request@v2
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        branch: fork:bot-code-update <= ??
        head_repository: fork <= ??
@peter-evans
Copy link
Owner

Hi @jderusse

Interesting use case! Try the following workflow. I've not had chance to test it yet, but I think it might work. You will need to create a repo scoped Personal Access Token (PAT) so that the main repo can create a pull request in the remote repository.

Do you need the Task step? I'm assuming you just want to update the fork's master branch from the master branch of the main repo.

    - name: Set up SSH
      uses: webfactory/ssh-agent@v0.2.0
      with:
        ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

    - uses: actions/checkout@v2
       with:
         ref: master

    - name: Set remote URL
      run: |
        git remote set-url origin git@github.com:fork/fork.git .
   
    - name: Create Pull Request
      uses: peter-evans/create-pull-request@v2
      with:
        token: ${{ secrets.PAT }}
        branch: bot-code-update

@jderusse
Copy link
Contributor Author

jderusse commented Mar 27, 2020

hello @peter-evans, thanks for the fast reply

I think there is a missunderstood. The PR should not be created on the fork repo, but in the main repo. The fork is used for the "head" of the PR.

In fact I try to use the exact same workflow when creating a standard PR by human

  • go to project's main repo
  • fork
  • push commit on the fork
  • create a PR on the main repo

I can "push commit on the fork" change thanks SSH private key (FYI, we don't use "deploy key", but crated a bot-user, the fork belongs to the bot)

Issue is: how to tell peter-evans/create-pull-request that base and head don't have the same repo

I followed your snippet (https://github.com/async-aws/aws/pull/375/files) but the Action seem to generate a PR in the fork (https://github.com/async-aws/aws/runs/539592083?check_suite_focus=true). see PR #1 in Created pull request #1 (bot-code-update => master)

Thanks for your help

@jderusse
Copy link
Contributor Author

jderusse commented Mar 27, 2020

I think the "issue" (or enhancement) is here

pull_request = github_repo.create_pull(
title=title, body=body, base=base, head=branch
)

We should be able to provide the head repositorylike described in "https://developer.github.com/v3/pulls/#input"

    if head_repository is None:
      head_repository = github_repository.split("/")[0]
    head_branch = "{}:{}".format(head_repository, branch)
    try:
        pull_request = github_repo.create_pull(
            title=title, body=body, base=base, head=head_branch
        )
        print(f"Created pull request #{pull_request.number} ({branch} => {base})")
    except GithubException as e:
        if e.status == 422:
            # A pull request exists for this branch and base
            # Get the pull request
            pull_request = github_repo.get_pulls(
                state="open", base=base, head=head_branch
            )[0]
            # Update title and body
            pull_request.as_issue().edit(title=title, body=body)
            print(f"Updated pull request #{pull_request.number} ({branch} => {base})")
        else:
            print(str(e))
            raise

where head_repository is a new optionnal parameter provided by user

@peter-evans
Copy link
Owner

Thanks for explaining further. I understand what you want to do now. Essentially, you want to push the branch to a fork and pull request to the current repository using the branch in the fork. I see how this makes sense if you use SSH because the key can just have permission for the fork not the main repo. 👍

Thanks for having a shot at implementing this. I'll take a look at your PR and make some comments.

@peter-evans
Copy link
Owner

Thank you again for contributing this feature!

I've released it as v2.5.0 or follow the major version v2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants