I want to be able to preview on Netlify the PRs that outside contributors propose.
As you can see from https://github.com/nwtgck/actions-netlify/issues/32#issuecomment-591800758
Is there some sane way to work around this?
Yeah, as you have seen from the docs, secrets are not passed to the runner when a workflow is triggered from a forked repository. This is for security reasons, and currently we do not have any workaround to bypass this limitation.
Of course, if your projects really need this feature, I recommend you directly report your feature request here. That will allow you to directly interact with the appropriate engineering team, and make it more convenient for the engineering team to collect and categorize your suggestions.
How do I express that I build on PR but only if it is a collaborator to avoid the failure messages?
on:
  pull_request:
    types: [opened, synchronize]
Or perhaps can I bless a PR to be built under my user? For the preview I want?
I have a workaround, maybe you can reference:
1. In your original repository, create a branch based on the default/base branch, for example create a Merge_Fork branch based on the master branch.
2. In the forked repository, every time the collaborators commit some new changes, ask the collaborators to create a PR to merge the new changes from the forked repository into the Merge_Fork branch of the original repository. Set this PR to not trigger the workflow (using a branch filter).
3. In the original repository, create a PR to merge the changes from the Merge_Fork branch into the master branch, and set this PR to trigger the workflow (using a branch filter). In this situation the workflow can access secrets.
on:
  pull_request:
    types: [opened, synchronize]
    branches:
      - master
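Added example (not part of the original posts and not the project's own workflow): one way to combine the branch filter above with a job-level condition, so that a PR opened directly from a fork skips the preview job instead of failing on empty secrets. The file layout, build command, `./dist` directory, secret names and the pinned action versions are assumptions.

```yaml
# .github/workflows/preview.yml (assumed path)
name: preview
on:
  pull_request:
    types: [opened, synchronize]
    branches:
      - master   # PRs that target Merge_Fork do not match, so they never start this workflow

jobs:
  build:
    # Uses no secrets, so it can run for PRs from forks as well.
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build   # assumed build command

  deploy-preview:
    needs: build
    # True only when the head branch lives in this repository (for example Merge_Fork),
    # which is the case where secrets are passed to the runner.
    # For a PR opened from a fork this is false and the job is skipped, not failed.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build   # assumed build command
      - uses: nwtgck/actions-netlify@v3.0
        with:
          publish-dir: ./dist          # assumed build output directory
          github-token: ${{ secrets.GITHUB_TOKEN }}
        env:
          # Assumed secret names, defined in the original repository's settings.
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
```

Anything merged into Merge_Fork is built with the repository's secrets in scope, so the review of the fork's changes has to happen before that merge.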
As I suggested in my previous reply, create a feature branch in your original repository. First, merge changes from the forked repository into the feature branch of the original repository, and then create a PR to merge changes from the feature branch to the base branch to trigger the workflow run. This will allow the workflow to access the secrets in your original repository.
Have you tried this suggestion? Is it helpful to you? If there is any progress, please feel free to let me know.
There is no automated way to do this, right?
The whole point of using GitHub and this PR flow is to make things easier. If I have to run a bunch of commands then I feel the value of this flow is diminished.
Although this is just an idea, that automation may be created with GitHub Actions because GITHUB_TOKEN has write permission to the original repo.
(I try to make this proof of concept.)
I made a PoC GitHub Action for merge preview.
Here is a successful merge preview.
My expected usage is that the owner comments "@some-bot merge preview", then the action is triggered by the comment in the PR.
I made a demo video to show how to use it.
Here is an actual pull request from non-maintainers:
Here is the workflow file: