The benchmarking pipeline uses 2 github secrets for the github access token and cluster kubeconfig.
By default pull requests from public forks can't access the secrets as its a potential security risk.
Allowing approved PRs to access these secrets will make them easier to review and improve the contributor experience.
Possible Solutions
We should set up an approval process as described below. Another common solution is for a reviewer to add a label to the PR that triggers the workflow.
Problem
The benchmarking pipeline uses 2 github secrets for the github access token and cluster kubeconfig. By default pull requests from public forks can't access the secrets as its a potential security risk.
Allowing approved PRs to access these secrets will make them easier to review and improve the contributor experience.
Possible Solutions
We should set up an approval process as described below. Another common solution is for a reviewer to add a label to the PR that triggers the workflow.
https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-public-forks