I'm trying to create an action which will invite a contributor whose PR gets merged to an organization.
I have almost finished it, but I have a pretty annoying problem now because a workflow triggered by a PR merged to the main repo from the user's repository doesn't have access to the secrets, and I need a secret (public access token) to provide it to the GitHub API to invite a user.
How could one solve this?
Thanks for your feedback! It's not supported, please check below:
1. With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository. Link below:
2. In a workflow which is triggered by a pull request from a forked repo, 'secrets.GITHUB_TOKEN' has only 'read' permission; it lacks the permission to be used in the API to invite users. Link below:
Yup, that's what I did.
Instead of running the action on closing the PR, I'm running it on a new commit on master. This has to be triggered by someone with 'write rights' to the repo, therefore it has access to the repo secrets.
It's a bit harder to check if the commit is a merge commit and we have to explicitly fetch more info about the PR, but it works. Source code of an action I was trying to build if someone is interested: https://github.com/lekterable/inclusive-organization-action
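An added example, not part of the thread and not code from the linked action: one way to do the merge-commit check described in the last reply when the workflow runs on a push to master. The function names and sample payloads are assumptions constructed for illustration; the field names are those of GitHub's push event payload and pull request API object, which the caller is assumed to have fetched already.

```javascript
// Extract a PR number from the first line of the pushed head commit message.
// Handles GitHub's default merge-commit and squash-merge subjects.
function candidatePrNumber(message) {
  const subject = String(message || '').split('\n')[0];
  const m = /^Merge pull request #(\d+) from \S+/.exec(subject) ||
            /\(#(\d+)\)$/.exec(subject);
  return m ? Number(m[1]) : null;
}

// Decide whom to invite. `push` is the push event payload; `pr` is the pull
// request object fetched from the REST API for the candidate number.
// Commit messages are contributor-influenced text, so the message only picks
// which PR to look up; the decision rests on the API record.
function inviteeFor(push, pr, branch = 'master') {
  if (push.ref !== `refs/heads/${branch}`) return null;      // wrong branch
  const head = push.head_commit;
  if (!head || !pr) return null;
  if (candidatePrNumber(head.message) !== pr.number) return null;
  if (pr.merged !== true) return null;                       // not merged
  if (pr.base.ref !== branch) return null;                   // merged elsewhere
  if (pr.merge_commit_sha !== head.id) return null;          // not this commit
  return { login: pr.user.login, id: pr.user.id };
}

// Constructed sample data (placeholder SHAs and user).
const samplePush = {
  ref: 'refs/heads/master',
  head_commit: {
    id: 'a1b2c3d4',
    message: 'Merge pull request #12 from octo-contributor/patch-1\n\nAdd docs',
  },
};
const samplePr = {
  number: 12,
  merged: true,
  merge_commit_sha: 'a1b2c3d4',
  base: { ref: 'master' },
  user: { login: 'octo-contributor', id: 1001 },
};

console.log(inviteeFor(samplePush, samplePr));
```

A rebase merge leaves no PR number in the commit message, so `candidatePrNumber` returns `null` there and the PR has to be found another way, for example by listing the pull requests associated with the commit SHA.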