I feel silly even typing that title as I’m sure I’ve missed something…
We have an open source project that is using GitHub Actions as the CI/CD and all has been working great for our team members.
But when someone outside of our organization forks our repo and submits a PR, our GHA fails due to missing tokens. I do understand that care must be taken to not expose secrets outside of the organization, but I also must believe that this is possible somehow, or GHA cannot be a viable CI/CD solution for open source projects.
I had thought that
pull_request_target may solve that very issue, but we haven’t had luck there either.
Any info or pointers would be greatly appreciated