Copilot Lvl 2
Message 1 of 4

Action triggered on a merged PR needs access to a secret

Hey,

I'm trying to create an action which will invite a contributor whose PR gets merged to an organization.

I have almost finished it, but I have a pretty annoying problem now because a workflow triggered by a PR merged to the main repo from the user's repository doesn't have access to the secrets, and I need a secret (public access token) to provide it to the GitHub API to invite a user.

How could one solve this?

3 Replies
GitHub Partner
Message 2 of 4

Re: Action triggered on a merged PR needs access to a secret

Hi,

 

Thanks for your feedback! It's not supported, please check below:

1. With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository. Link below:

https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-e...

2. In a workflow which is triggered by a pull request from a forked repo, 'secrets.GITHUB_TOKEN' has only 'read' permission; it lacks the permission to be used in the API to invite users. Link below:

https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-...

 

Thanks.

Solution
GitHub Partner
Message 3 of 4

Re: Action triggered on a merged PR needs access to a secret

You can try to use the push event to trigger a workflow in your repository, and then in the action you can parse the detailed information about the push and try to invite the user if it is a merge commit from other repos.

Copilot Lvl 2
Message 4 of 4

Re: Action triggered on a merged PR needs access to a secret

Yup, that's what I did.

Instead of running the action on closing the PR, I'm running it on a new commit on master. This has to be triggered by someone with 'write rights' to the repo; therefore, it has access to the repo secrets.

It's a bit harder to check if the commit is a merge commit and we have to explicitly fetch more info about the PR, but it works. Source code of an action I was trying to build if someone is interested: https://github.com/lekterable/inclusive-organization-action
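
The push-triggered approach described in the replies above, as an added example that is not part of the thread and not the linked action's code: it decides whom to invite from a push event plus the pull requests the GitHub API associates with the pushed commit, relying on API metadata rather than the commit message. The organization name, sample payloads and the `INVITE_TOKEN` variable are assumptions constructed for illustration.

```javascript
// Added example. Payload shapes follow GitHub's push event and the REST response of
// GET /repos/{owner}/{repo}/commits/{sha}/pulls; sample objects below are constructed.
const ORG = 'example-org'; // placeholder organization name

// Return { login, id, pr } for the fork contributor whose merged PR produced the
// pushed head commit, or null when the push should not lead to an invitation.
function contributorToInvite(pushEvent, associatedPulls, defaultBranch = 'master') {
  if (pushEvent.ref !== `refs/heads/${defaultBranch}`) return null;
  const sha = pushEvent.head_commit && pushEvent.head_commit.id;
  if (!sha) return null;
  const repo = pushEvent.repository.full_name;
  // Trust API metadata, not the commit message: message text is written by the
  // contributor and can imitate "Merge pull request #N from ...".
  const pr = associatedPulls.find(p =>
    p.merged_at !== null &&
    p.merge_commit_sha === sha &&
    p.base.ref === defaultBranch &&
    p.base.repo.full_name === repo);
  if (!pr) return null;
  // Only PRs from another repository count; head.repo is null if the fork was deleted.
  if (!pr.head.repo || pr.head.repo.full_name === repo) return null;
  return { login: pr.user.login, id: pr.user.id, pr: pr.number };
}

// Describe the invitation call (POST /orgs/{org}/invitations) without sending it.
// The token is a repository secret, available here because the run is push-triggered.
function invitationRequest(user, token) {
  return {
    method: 'POST',
    url: `https://api.github.com/orgs/${ORG}/invitations`,
    headers: { Authorization: `token ${token}`, Accept: 'application/vnd.github+json' },
    body: JSON.stringify({ invitee_id: user.id }),
  };
}

// Constructed sample data.
const push = { ref: 'refs/heads/master', head_commit: { id: 'abc123' },
  repository: { full_name: 'example-org/project' } };
const forkPull = { number: 7, merged_at: '2020-01-01T00:00:00Z', merge_commit_sha: 'abc123',
  user: { login: 'contributor', id: 42 },
  base: { ref: 'master', repo: { full_name: 'example-org/project' } },
  head: { repo: { full_name: 'contributor/project' } } };

const who = contributorToInvite(push, [forkPull]);
if (who) console.log(invitationRequest(who, process.env.INVITE_TOKEN || '<token>').url);
```

In a workflow, the token would be passed as `env: INVITE_TOKEN: ${{ secrets.… }}` on the step that runs this logic, and the invitation step should run only when the function returns a user.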