Workflows run with deployment_status don't work with fork PRs

Hello,
Within our repo, I have a workflow that’s set to run e2e tests once Vercel finishes deploying. This works great for PRs from branches within the repo, but instantly errors out when developers create PRs from forks.

on: [deployment_status]
jobs:
  e2e:
    if: github.event.deployment_status.state == 'success'
    runs-on: ubuntu-latest
    steps: // run the tests etc

Is there a fix for this?

Because deployment events run workflows out of the default branch of the repo and get secrets we don’t allow them to be run on unreachable commits in the repo. This is a security precaution to help prevent malicious code from a potentially unknown author from gaining access to your repos secrets.

I can understand that, but this is a private repo within an organisation that has fork pull requests workflows enabled. If Send secrets to workflows from fork pull requests. is enabled, shouldn’t this be permitted?

Yeah for private repos I think we probably should allow this. I will talk to the engineering team about it today and see if there is something easy we can do.

2 Likes