Docusaurus build action does not add a comment with the website preview URL

This thread directly relates to the following issue raised in the FINOS Open Developer Platform issues …

https://github.com/finos/open-developer-platform/issues/74

Description

This issue directly relates to the 100% completion of #19. When the Docusaurus Build action runs it should add the following comment:

Website preview is available at https://<username>.github.com/<repository name>

Issue Experienced
Code is available but fails with a 403 error, as documented on https://github.com/danger/danger-js/issues/918

Workaround to Automate
Manually adding the comment to the PR description/comments solves the issue, but this needs to be automated in order to resolve and fully scale.

@mcleo-d ,

Do you mean that when you create a PR to merge some modified files from the forked repository into the original repository, the workflow triggered by the PR has a step to add the specified comment to the PR? And you also use the GITHUB_TOKEN ( ${{ secrets.GITHUB_TOKEN }} ) to authenticate in the workflow run, right?

If so, you need to know (more details, see here):

Secrets are not passed to the runner when a workflow is triggered from a forked repository.

I think this should be the root cause of the problem you are facing, and this is a designed behavior for security policy.


@brightran 

Thanks so much for your reply. I’ve tagged maoo, FINOS Director of DevOps, in this thread so you’re provided with a first hand response to your awesome observation.

Thanks once again for the prompt response.

James. 

Thanks @brightran for your help!

You can check the action on https://github.com/finos/open-developer-platform/blob/master/.github/workflows/docusaurus.yml

On line 73 you’ll see the commented block of code that is not working right now.

# TODO Getting 403 as described on https://github.com/danger/danger-js/issues/918
# - name: Add comment to PR
#   if: github.event_name == 'pull_request'
#   uses: unsplash/comment-on-pr@master
#   with:
#     msg: "Website preview available at https://${{ github.actor }}.github.io/${{ env.REPO_NAME }}"
# - name: Comment backup step
#   if: failure()
#   run: echo "Could not add comment, see error above"

You’ll also notice that the triggers include 

pull_request:
    paths:
      - '.github/workflows/docusaurus.yml'
      - 'docs/**'
      - 'website/**'

Which means that the action is triggered in the main repository and not in the forked ones. I am aware of the security restriction to remove GitHub secrets from forked repositories, but this is not the case for our issue.

I wonder if there are other actions (maybe GitHub official actions) that allow adding a comment to a PR, as it seems like quite a common requirement for an action; alternatively, I can work around it by directly invoking GitHub APIs. Right now we’re using “unsplash/comment-on-pr@master”.

Thanks!

  mao

@maoo ,

There is a GitHub official action (actions/first-interaction) that can add comments to issues and pull requests, but it can’t add comments anytime you want; it just shows the specified greetings to new contributors when they create their first issue or open their first pull request. Apart from this, we have no other GitHub official actions that can add comments to pull requests.

Actually, you can try to find an action in the GitHub Marketplace; there you may find an action that can add comments to pull requests.

The following actions are what I could find in the marketplace; they may be useful to you:

Comment Pull Request

commentator-action


Very helpful @brightran , thanks!

I’ll check the actions you mentioned; as last resort, I can directly call APIs, as I did here

https://github.com/finos/open-developer-platform/blob/master/.github/workflows/meetings.yml#L66

Thank you!

@maoo ,

You’re welcome.

If you have any other question about this ticket, feel free to tell me.


Hey @brightran , check this out - https://github.com/peter-evans/create-or-update-comment

Exactly what I needed.

Thanks for your help!

mao

@maoo ,

That’s great. Thanks for sharing this. 

Have a nice day.

Hey @maoo, how did you pass in the GitHub token or PAT to peter-evans’s action? Since you guys are using a fork GitHub workflow, how do you bypass GitHub’s security measures?

I’m asking because we are running into the same issue :sweat_smile:

Hey @Thomas-Boi ! We always pass ${{ secrets.GITHUB_TOKEN }} as authentication, and that will inherit permission of the GitHub user triggering the build event.

If someone is raising the PR, her/his user token will be used, and the user will be the comment signee.

Any permission challenge should be addressed via GitHub repo/team/org permissions. If you’d rather comment on behalf of a super user, you can store that token as a GitHub Secret and use it in the action.

Hope this helps, please let me know if I didn’t get your question right!

mao
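
The setup discussed in this thread, as an added example that is not part of any post above and is not the FINOS workflow: it posts the preview comment with peter-evans/create-or-update-comment, grants the job's GITHUB_TOKEN only the pull-requests write scope, and skips the comment step when the PR head lives in a fork. The workflow, job and step names, the @v4 tag and the use of github.event.repository.name in place of env.REPO_NAME are assumptions.

```yaml
# Added example, not the FINOS workflow. Names below are assumptions.
name: docusaurus-preview-comment

on:
  pull_request:
    paths:
      - '.github/workflows/docusaurus.yml'
      - 'docs/**'
      - 'website/**'

# Start with no token permissions; each job grants only what it needs.
permissions: {}

jobs:
  comment:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write   # the only scope this job needs to comment on a PR
    steps:
      # For pull_request events raised from a fork, GITHUB_TOKEN is read-only
      # by default and repository secrets are not passed to the runner, so a
      # comment call is rejected. Run the step only for same-repository PRs.
      - name: Add preview comment
        if: github.event.pull_request.head.repo.full_name == github.repository
        uses: peter-evans/create-or-update-comment@v4
        with:
          issue-number: ${{ github.event.pull_request.number }}
          body: "Website preview available at https://${{ github.actor }}.github.io/${{ github.event.repository.name }}"

      # Make the skip visible in the run log instead of failing the build.
      - name: Note skipped comment for fork PRs
        if: github.event.pull_request.head.repo.full_name != github.repository
        run: echo "PR head is in a fork; token is read-only, comment skipped"
```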
