-
Hello I am able to trigger a job only when a particular label gets added to the pull request. As first step I would like to remove the label. This is the workflows file:
And this is the output I get from the
Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
The PR comes from a fork and I think the GITHUB_TOKEN only has read permission if workflows comes from a fork. So I created a new personal access token and I place it as a secret, and I have updated my step:
Now the error I get is:
Probably because the secret is empty probably because of this doc
Not sure how to get around it 😫 This is an open source project, people will mainly contribute via FORK and that’s why we are using a label as a gatekeeper to trigger a particular action |
Beta Was this translation helpful? Give feedback.
-
As the docs has mentioned, when a workflow is triggered from a forked repository:
If you want the action ‘actions-ecosystem/action-remove-labels@v1’ you are using in your workflow can remove labels from the pull request, the token used to authenticate must have the ‘write’ permission for pull request in the repository. There is a good news is that the appropriate engineering team is planing to add an option “Send secrets to pull request workflows from forks” to the settings for Actions permissions. |
Beta Was this translation helpful? Give feedback.
@gianarb,
As the docs has mentioned, when a workflow is triggered from a forked repository:
With the exception of GITHUB_TOKEN, secrets are not passed to the runner.
The GITHUB_TOKEN only has ‘read’ permission. For more information, see “Permissions for the GITHUB_TOKEN”.
If you want the action ‘actions-ecosystem/action-remove-labels@v1’ you are using in your workflow can remove labels from the pull request, the token used to authenticate must have the ‘write’ permission for pull request in the repository.
However, as mentioned above, due to the workflow is triggered from a forked repository, there is not any available and safe way to pass the token which has the ‘write’ permission …