Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not working with PR from fork #25

Closed
mbrodala opened this issue Oct 7, 2021 · 5 comments
Closed

Not working with PR from fork #25

mbrodala opened this issue Oct 7, 2021 · 5 comments

Comments

@mbrodala
Copy link

mbrodala commented Oct 7, 2021

tibdex/backport#33 recommends setting up this action job to work around the limitations of the GITHUB_TOKEN.

However, it seems like the same limitation applies to an app ID and client secret if it is injected via (organisation) secrets:

Secrets are not passed to workflows that are triggered by a pull request from a fork. Learn more.

So, how is this supposed to work exactly?
@mbrodala
Copy link
Author

mbrodala commented Oct 7, 2021
edited
Loading

Here are 2 commits where I tried to set this up:

TYPO3-Documentation/TYPO3CMS-Reference-CoreApi@03f75bf
TYPO3-Documentation/TYPO3CMS-Reference-CoreApi@88b91e3

The current .github/workflows/backport.yml:

name: Backport
on:
  pull_request:
    types:
      - closed
      - labeled

jobs:
  backport:
    runs-on: ubuntu-18.04
    name: Backport
    steps:
      - name: Generate token
        id: generate_token
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.BACKPORT_APP_ID }}
          private_key: ${{ secrets.BACKPORT_APP_SECRET }}
      - name: Backport
        uses: tibdex/backport@v1
        with:
          github_token: ${{ steps.generate_token.outputs.token }}

The BACKPORT_APP_ID and BACKPORT_APP_SECRET have been set in the organisation secrets.

The result: https://github.com/TYPO3-Documentation/TYPO3CMS-Reference-CoreApi/pull/1552/checks?check_run_id=3825926413

Run tibdex/github-app-token@v1
  with:
Error: Error: Input required and not supplied: app_id

@jlaura
Copy link

jlaura commented Oct 27, 2021

Same experience. APP_ID and APP_SECREt_KEY are set on the repo in the organization for me. If that helps at all.

@tibdex
Copy link
Owner

tibdex commented Nov 6, 2021

That's because secrets are not passed to the runner when a workflow is triggered from a forked repository.

@mbrodala
Copy link
Author

mbrodala commented Nov 8, 2021
edited by tibdex
Loading

@tibdex Exactly, that's what I wrote already. ;-)

So technically none of this is supposed to work for repositories which are updated by forks? Then this should be written clearly in https://github.com/tibdex/github-app-token and https://github.com/tibdex/backport.

@tibdex
Copy link
Owner

tibdex commented Nov 8, 2021

The issue is not intrisinc to github-app-token. If you find a way to pass the app_id and private_key without relying on secrets it will work.

@tibdex tibdex closed this as completed Nov 8, 2021
@batistein batistein mentioned this issue Jan 26, 2023
Closed
@rettigl rettigl mentioned this issue Nov 11, 2023
Merged
@gitcoindev gitcoindev mentioned this issue Mar 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jlaura @mbrodala @tibdex