`push-to-fork` won't push to sibling repos in the same network #2412

bgilbert · 2023-09-28T11:47:12Z

Subject of the issue

Consider a setup where a repo upstream/repo has a workflow w that creates PRs to upstream/repo, but w should run without write access to upstream/repo. To achieve this, there's an unprivileged bot account bot with a fork of upstream/repo (bot/repo) and upstream/repo has a Personal Access Token for bot in its secrets. w runs with no permissions (permissions: {contents: none}), uses the bot credential to check out upstream/repo, and uses push-to-fork to submit PRs from a bot/repo branch.

Now I'd like to modify w and test my changes. I think these are my options:

Fork upstream/repo to bgilbert/repo, set up my fork with a PAT for bot (or for a separate bot-staging account, to avoid testing with the prod account), and run the workflow. This fails with:
```
Error: Repository 'bot/repo' is not a fork of 'bgilbert/repo'. Unable to continue.
```
When testing w, disable push-to-fork and set permissions: {contents: write, pull-requests: write}, so that PRs to bgilbert/repo are created from branches in bgilbert/repo. This is what I've been doing, but as a result I'm testing w with more permissions than it'll have in production. I've definitely pushed broken code to prod as a result of this.
Create my own bgilbert-bot account containing a fork of bgilbert/repo. This lets me test with an environment similar to prod, but requires me to have a second GitHub account for testing, and accounts are pretty heavyweight. If w has multiple developers, they each need their own bot account (or to share an account but constantly delete and recreate its fork), since an account can't have multiple forks of forks of upstream/repo.

Could the "is not a fork of" test be removed? GitHub doesn't require it; any repo in the network of upstream/repo can send PRs to any other repo in the network.

Steps to reproduce

I don't have a minimized reproducer handy, but could create one if needed.

The text was updated successfully, but these errors were encountered:

bgilbert · 2023-09-29T02:02:31Z

Proof-of-concept fix in #2414.

Fixes #2412.

peter-evans · 2023-09-29T15:37:15Z

@bgilbert

I've added this change to the v6 release candidate. You can use it like this:

      - uses: peter-evans/create-pull-request@v6-rc

I'll be releasing v6 at some point in the near future.

Fixes #2412.

* feat: update author and committer input defaults * Update github-actions[bot] * Update author to new email format * feat: optional input for git ops token * feat: allow push-to-fork to push to sibling repos (#2414) Fixes #2412. * build: update dist * feat: update action runtime to node 20 (#2340) * feat: add truncate warning to pull request body * perf: unshallow only when necessary * fix: remove the remote for the fork on completion * feat: infer github server and api urls * test: integration test fixes * build: bump major version * docs: update to v6 --------- Co-authored-by: Teko <112829523+Teko012@users.noreply.github.com> Co-authored-by: Benjamin Gilbert <bgilbert@backtick.net>

peter-evans · 2024-01-31T11:20:48Z

I've now released v6. Thanks for your patience.

* feat: update author and committer input defaults * Update github-actions[bot] * Update author to new email format * feat: optional input for git ops token * feat: allow push-to-fork to push to sibling repos (peter-evans#2414) Fixes peter-evans#2412. * build: update dist * feat: update action runtime to node 20 (peter-evans#2340) * feat: add truncate warning to pull request body * perf: unshallow only when necessary * fix: remove the remote for the fork on completion * feat: infer github server and api urls * test: integration test fixes * build: bump major version * docs: update to v6 --------- Co-authored-by: Teko <112829523+Teko012@users.noreply.github.com> Co-authored-by: Benjamin Gilbert <bgilbert@backtick.net>

bgilbert closed this as completed Sep 29, 2023

bgilbert reopened this Sep 29, 2023

bgilbert mentioned this issue Sep 29, 2023

RFC: allow push-to-fork to push to sibling repos #2414

Merged

peter-evans pushed a commit that referenced this issue Sep 29, 2023

feat: allow push-to-fork to push to sibling repos (#2414)

bba68d5

Fixes #2412.

peter-evans pushed a commit that referenced this issue Sep 29, 2023

feat: allow push-to-fork to push to sibling repos (#2414)

7d12277

Fixes #2412.

peter-evans pushed a commit that referenced this issue Nov 30, 2023

feat: allow push-to-fork to push to sibling repos (#2414)

9062a7a

Fixes #2412.

peter-evans pushed a commit that referenced this issue Dec 19, 2023

feat: allow push-to-fork to push to sibling repos (#2414)

4a2f9e2

Fixes #2412.

peter-evans pushed a commit that referenced this issue Dec 27, 2023

feat: allow push-to-fork to push to sibling repos (#2414)

bc19069

Fixes #2412.

peter-evans pushed a commit that referenced this issue Jan 31, 2024

feat: allow push-to-fork to push to sibling repos (#2414)

a5ba1b9

Fixes #2412.

peter-evans mentioned this issue Jan 31, 2024

V6 #2717

Merged

peter-evans closed this as completed in #2717 Jan 31, 2024

peter-evans closed this as completed in 1232200 Jan 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`push-to-fork` won't push to sibling repos in the same network #2412

`push-to-fork` won't push to sibling repos in the same network #2412

bgilbert commented Sep 28, 2023

bgilbert commented Sep 29, 2023

peter-evans commented Sep 29, 2023

peter-evans commented Jan 31, 2024

push-to-fork won't push to sibling repos in the same network #2412

push-to-fork won't push to sibling repos in the same network #2412

Comments

bgilbert commented Sep 28, 2023

Subject of the issue

Steps to reproduce

bgilbert commented Sep 29, 2023

peter-evans commented Sep 29, 2023

peter-evans commented Jan 31, 2024

`push-to-fork` won't push to sibling repos in the same network #2412

`push-to-fork` won't push to sibling repos in the same network #2412