awslabs / amplify-video

An open source Category Plugin for the AWS Amplify-CLI that makes it easy to deploy live and file based streaming video services and integrate them into your Amplify applications.
https://www.npmjs.com/package/amplify-category-video
Apache License 2.0
267 stars 56 forks

Add tests for CloudFront signed urls to testing pipeline #212

Closed nathanagez closed 3 years ago

nathanagez commented 3 years ago

Issue #197

Description of changes:

Close #197

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

wizage commented 3 years ago

LGT2M

We need to figure out how we can run this, as right now GitHub doesn't support pull requests accessing secrets. My thoughts are to add a release pipeline. So to release you can run:

npm release <versionnumber> and it goes and updates the version numbers, publishes to npm with Beta tag and then creates a new git branch and pushes it to a beta branch. Then inside of GitHub you make a pull request off beta branch to trigger the Jest tests before final release to NPM.

nathanagez commented 3 years ago

> LGT2M
>
> We need to figure out how we can run this, as right now GitHub doesn't support pull requests accessing secrets. My thoughts are to add a release pipeline. So to release you can run:
>
> npm release <versionnumber> and it goes and updates the version numbers, publishes to npm with Beta tag and then creates a new git branch and pushes it to a beta branch. Then inside of GitHub you make a pull request off beta branch to trigger the Jest tests before final release to NPM.

@wizage what do you mean by GitHub doesn't support pull requests accessing secrets? It works on the forked repository.

I added in Settings -> Secrets:

Is it different here?

wizage commented 3 years ago

https://stackoverflow.com/questions/62142092/is-it-okay-to-use-github-secrets-with-a-public-repo

Per this article:

> Public repository pull_request events triggered by forks do not have access to secrets, except for the default GITHUB_TOKEN. Additionally, The GITHUB_TOKEN has read-only access when an event is triggered by a forked repository. These are intentional restrictions enforced by GitHub Actions to prevent an attacker creating a pull request containing a workflow that captures secrets, or uses secrets to perform operations.
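
Given the restriction quoted above, a test pipeline can detect a fork pull request from the Actions event payload and skip the secret-dependent signed-URL tests instead of failing on empty credentials. This is an added example, not part of this thread or the amplify-video code; the secret names and the sample payloads are assumptions constructed for illustration.

```javascript
'use strict';

// Hypothetical names of the secrets the signed-URL tests would need.
const REQUIRED_SECRETS = ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY'];

// True when the payload describes a pull_request event whose head branch
// lives in a different repository than the base, i.e. it comes from a fork.
function isForkPullRequest(eventName, payload) {
  if (eventName !== 'pull_request' || !payload || !payload.pull_request) return false;
  const head = payload.pull_request.head && payload.pull_request.head.repo;
  const base = payload.repository;
  // A missing head or base repository cannot be proven trusted: treat as fork.
  if (!head || !base) return true;
  return head.full_name !== base.full_name;
}

// Decide whether the secret-dependent suite can run, and record why not.
// `env` is process.env in CI; `payload` is the JSON at GITHUB_EVENT_PATH.
function planSignedUrlTests(env, payload) {
  if (isForkPullRequest(env.GITHUB_EVENT_NAME, payload)) {
    return { run: false, reason: 'fork pull_request: secrets are withheld' };
  }
  // Secrets that are not available reach the job as empty strings.
  const missing = REQUIRED_SECRETS.filter((name) => !env[name]);
  if (missing.length > 0) {
    return { run: false, reason: `missing secrets: ${missing.join(', ')}` };
  }
  return { run: true, reason: 'secrets available' };
}

// Constructed sample payloads (only the fields the check reads).
const BASE = { full_name: 'awslabs/amplify-video' };
const FORK_PR = {
  repository: BASE,
  pull_request: { head: { repo: { full_name: 'contributor/amplify-video' } } },
};
const SAME_REPO_PR = {
  repository: BASE,
  pull_request: { head: { repo: { full_name: 'awslabs/amplify-video' } } },
};

// Print the decision for each constructed case.
for (const [label, payload] of [['fork', FORK_PR], ['same repo', SAME_REPO_PR]]) {
  const env = { GITHUB_EVENT_NAME: 'pull_request', AWS_ACCESS_KEY_ID: 'x', AWS_SECRET_ACCESS_KEY: 'y' };
  const plan = planSignedUrlTests(env, payload);
  console.log(`${label}: ${plan.run ? 'run' : 'skip'} (${plan.reason})`);
}
```

The check is a convenience for clean CI results, not a security control: the secrets are withheld by GitHub Actions regardless of what the job does.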