Now that every commit on a community PR needs to be looked at by maintainers and approved in order for the Actions workflows to run, shouldn’t it then also add the repo secrets?
Or if that’s too risky/unexpected, maybe add a little chevron to the approve button where you can select “Run workflow with repo secrets”?
Or add a section to the repo secrets settings where you can add secrets that are allowed to be run on community forks upon approval.
Main use case is acceptance tests, which require (non-critical, but still sensitive) secrets to run. Would like to include those workflows in my branch protection settings as a required check.