Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Doesn't work on pr from forks #4

Closed
crondaemon opened this issue Apr 4, 2020 · 4 comments · Fixed by #6
Closed

Doesn't work on pr from forks #4

crondaemon opened this issue Apr 4, 2020 · 4 comments · Fixed by #6
Assignees
@superbrothers

Comments

@crondaemon
Copy link

Hi
I've investigated a bit and it looks like your action doesn't work with forks since the fork user cannot access the github token. Can you confirm this? Is there a way to circumvent this issue?
@Lekensteyn
Copy link

Is this accurate? Doesn't this require a secret token to be created on the main repo?

See also "About the GITHUB_TOKEN secret" in https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token

@crondaemon
Copy link
Author

When a fork opens a pull request on the upstream repo, the action fired runs on the forked repo, not the upstream. The forked repo doesn't have access to the access tokens created on the upstream repo. As the owner of the forked repo can't merge the PR on the upstream, as their actions can't.

ghost pushed a commit to wireshark/wireshark that referenced this issue Apr 7, 2020
@Lekensteyn @alagoutte
Revert "github: add action to automatically close pull requests."
3b7ae88 
This reverts commit b7f38ef.

This GitHub action does not seem to work, perhaps because no
authentication token was installed in the Wireshark project on GH? See
also superbrothers/close-pull-request#4

Change-Id: I084547028dd1de7852aaa5f9e923efa8a69d4244
Reviewed-on: https://code.wireshark.org/review/36718
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
@superbrothers
Copy link
Owner

Thanks for reporting. I'll check it out.

@superbrothers superbrothers self-assigned this Apr 10, 2020
@superbrothers
Copy link
Owner

The forked repo doesn't have access to the access tokens created on the upstream repo.

This is mostly correct. It turns out that GITHUB_TOKEN can only work on pull requests from a branch of the same repository, since it only gives "read" permissions to GITHUB_TOKEN in a forked repository.

This is the same restriction in actions/labeler.

Note that only pull requests being opened from the same repository can be labeled. This action will not currently work for pull requests from forks -- like is common in open source projects -- because the token for forked pull request workflows does not have write permissions.

Unfortunately, there seems to be no way around this restriction at the moment.

@superbrothers superbrothers mentioned this issue Apr 20, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@superbrothers superbrothers

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add a note that this action does not work for PRs from forks superbrothers/close-pull-request
3 participants
@Lekensteyn @superbrothers @crondaemon