Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 2
Message 1 of 16

Run a GitHub action on `pull_request` for PR opened from a forked repo

Solved! Go to Solution.

If I create a workflow with an action that runs on `pull_request`, when a pull request is opened on that repo from a forked repo, the action is not triggered.

 

Workflow file:

```

workflow "List environment variables" {
on = "pull_request"
resolves = ["my-action"]
}

action "my-action" {
uses = "./"
}

```

 

Then fork the repo, create a branch, push a commit and open a pull request on the upstream repo. The action is not started for this PR.

 

Is that intentionnal or is it a limitation of the beta?

 

If that case is planned to be supported in the future, will the secret environment variables be available to the action?

 

Thanks!

 

15 Replies
Ground Controller Lvl 1
Message 2 of 16

Re: Run a GitHub action on `pull_request` for PR opened from a forked repo

Hi @pvdlg, that's intentional and likely to remain the case.

 

This is a mitigation against the possibility that a bad actor could open PRs against your repo and do things like list out secrets or just run up a large bill (once we start charging) on your account. The actions are in fact executed, but it happens against the _fork_, not against the base repo.

 

This does require that the forked repo also has actions enabled though. During the beta period that means that the owner of the forked repo must also be in the beta.

 

Hope this helps clear things up!

Copilot Lvl 2
Message 3 of 16

Re: Run a GitHub action on `pull_request` for PR opened from a forked repo

Hi,

Is this documented somewhere?

 

If I setup https://github.com/jessfraz/shaking-finger-action

on pull_request, will the action result show up if somebody with forked repo opens a PR to my repository? Typically I'd like unit tests + linting results to show in the PR automatically.

If it runs against the forked repo, then I assume it is not possible to use the GITHUB_TOKEN to post a comment like in the shaking-finger-action example?

Copilot Lvl 2
Message 4 of 16

Re: Run a GitHub action on `pull_request` for PR opened from a forked repo

Pilot Lvl 1
Message 5 of 16

Re: Run a GitHub action on `pull_request` for PR opened from a forked repo

Hi @larshp, are you able to configure the workflow so that unit tests + linting results is shown on the PR when the PR is coming from the forked repo ? .. 

Highlighted
Ground Controller Lvl 2
Message 6 of 16

Re: Run a GitHub action on `pull_request` for PR opened from a forked repo

Has there been a change in this policy? I created a test account (@huynguyendev) that is not in the beta. I then opened up a PR to TextureGroup/Texture (which is in the beta) from my forked repo. The commit changes Texture's worflow file to run on pull_request and voila, the workflow is started for my PR!

 

https://github.com/TextureGroup/Texture/pull/1628/checks?sha=4f0f4cabd6cbb40224329446e100701ca448353...

Copilot Lvl 2
Message 7 of 16

Re: Run a GitHub action on `pull_request` for PR opened from a forked repo

Hi @appleton ,

I understand the same. But i think it would be better if atleast the status of the run is shown on the main repository.

The actions run at personal fork but the final status results are shown at the main repository.

 

 

Copilot Lvl 3
Message 8 of 16

Re: Run a GitHub action on `pull_request` for PR opened from a forked repo

actions are in fact executed, but it happens against the _fork_

 

How do I (the owner of the fork) see the results of those actions?

 

This does require that the forked repo also has actions enabled

 

Is there something manual that needs to be done on the forked repo to enable actions?

 

During the beta period that means that the owner of the forked repo must also be in the beta.

 

I am in the beta but I can not see the results even when I have on: [pull_request, push] set on a pull request in a forked repo. What am I missing?

Solution
GitHub Staff
Message 9 of 16

Re: Run a GitHub action on `pull_request` for PR opened from a forked repo

For the recent update for GitHub Actions we have made a lot of changes to how workflows are run.

 

A workflow that specifies a pull_request as the event will always run in the repository that contains that pull_request.  So when I raise a pull_request to the upstream repo from a fork of that repo the workflow run will be in that upstream repo.  

 

https://help.github.com/en/articles/events-that-trigger-workflows#pull-request-events-for-forked-rep...

 

During the beta you may or may not have GitHub Actions enabled in your user account or organization.  If you don't have GitHub Actions enabled forking a repo that has actions workflows into your account will not cause any runs to occur.

Pilot Lvl 1
Message 10 of 16

Re: Run a GitHub action on `pull_request` for PR opened from a forked repo

So how does the mitigation work in this case?

How can I be sure that the author of the PR did not modify the workflow definition and e. g. reads out repository secrets?