[Bug] Github action not getting a token

[Kasparsu]

Bug report

What I did

Make a pr

What I expected to happen

All runners to pass

What happened

Adding to this weeks project Github action fails. https://github.com/Laravel-Backpack/CRUD/actions/runs/9370659731/job/25798153480?pr=5533

What I've already tried to fix it

nothing, I don't have rights for that

[jcastroa87]

Hello @Kasparsu

I ask to @pxpm or @tabacitu to check about this.

They will came with news about it.

Cheers.

[tabacitu]

Finally gotten to the bottom of this! Thanks for the heads-up @Kasparsu but it looks like this is a false alarm. I remembered something about it, tracked it down. Explaining it here so we all know about it:

The github secrets are only available in PRs made by the Backpack org members.

Here's a bit from the Github page about it: Anyone with collaborator access to this repository can use these secrets and variables for actions. They are not passed to workflows that are triggered by a pull request from a fork.

Makes sense, actually. Because otherwise, a fork would be able to... create a new action that is destructive/malicious, then create a PR from their fork. The Action would run, wreaking havoc. Or they could trigger millions of actions running, exhausting our tokens. So the Github protection here makes sense.

I've recently created a PR and this same action has worked ok. So our token is working fine there, but ONLY working on PRs coming from the team.

Cheers!