Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
GitHub Staff
Message 11 of 16

Re: Github Workflow not running from pull request from forked repository

Currently we do not support running PRs from forks for private repos as we are trying to figure out some of the security issues associated with that.  This is something we are looking to address by GA.

Pilot Lvl 1
Message 12 of 16

Re: Github Workflow not running from pull request from forked repository

Dear @chrispat  ,  Thank you for your response.

 

For Open Source Projects,  Currently lot of actions  such as coverallslabeller, unit tests, doesn't work and fails with *Resource Not Accessible by Integrationerror, for the Pr coming from Forked repos. This is because The permissions for the GITHUB_TOKEN in forked repositories is read-only for all the events. As we are getting more than 90 %  of the contributions from the Forked Repositories, I'd like to use the above mentioned actions for showing up code coverage, labeller, unit tests in the Pull_request_comment. I think If there is a way to trigger the workflow in the upstream branch for this use-case, then This problem can be solved, or there should be read/write access at least for the Pull Request (access by forked repositories) as this is not critical and won't have write access to the content of the base repository.  

Screen Shot 2019-10-02 at 12.10.06.png

 

 

As I already mentioned, since we get contributions only from the forked repos, this is a must have feature. Others have already reported in multiple other discussions and please tell us if there is any workaround solution to enable action commenting on the PR  coming from the forked repositories. 

Thanks in Advance. 

Copilot Lvl 3
Message 13 of 16

Re: Github Workflow not running from pull request from forked repository

"Looking to address by GA"

 

What is GA in this context?

 

Thanks for keeping us updated- we are also unable to make use of Actions on our corporate repos until this is resolved.

Ground Controller Lvl 2
Message 14 of 16

Re: Github Workflow not running from pull request from forked repository

GA = General Availability

Ground Controller Lvl 1
Message 15 of 16

Re: Github Workflow not running from pull request from forked repository

What about running PR from fork/branchA to fork/branchB? Original repo is not touched in this case. Fork is public. Is it bug or somehow affected by security reasons?

Copilot Lvl 2
Message 16 of 16

Re: Github Workflow not running from pull request from forked repository

EDIT:

Currently we do not support running PRs from forks for private repos as we are trying to figure out some of the security issues associated with that.  This is something we are looking to address by GA.

 

This is the case for public repositories too right? Forks only have a RO  access token hence merging of PRs or addition/removal of labels cannot be automated. However, according to Github documentation, pull_request events are triggered for the base repo ONLY and hence this workflow could theoretically be automated. So was this change to block events to base repository intended? If so can this be regarded as a  temporary change until a proper security solution is found?