Closed Kasparsu closed 2 weeks ago
Hello @Kasparsu
I ask to @pxpm or @tabacitu to check about this.
They will came with news about it.
Cheers.
Finally gotten to the bottom of this! Thanks for the heads-up @Kasparsu but it looks like this is a false alarm. I remembered something about it, tracked it down. Explaining it here so we all know about it:
The github secrets are only available in PRs made by the Backpack org members.
Here's a bit from the Github page about it: Anyone with collaborator access to this repository can use these secrets and variables for actions. They are not passed to workflows that are triggered by a pull request from a fork.
Makes sense, actually. Because otherwise, a fork would be able to... create a new action that is destructive/malicious, then create a PR from their fork. The Action would run, wreaking havoc. Or they could trigger millions of actions running, exhausting our tokens. So the Github protection here makes sense.
I've recently created a PR and this same action has worked ok. So our token is working fine there, but ONLY working on PRs coming from the team.
Cheers!
Bug report
What I did
Make a pr
What I expected to happen
All runners to pass
What happened
Adding to this weeks project Github action fails. https://github.com/Laravel-Backpack/CRUD/actions/runs/9370659731/job/25798153480?pr=5533
What I've already tried to fix it
nothing, I don't have rights for that