Closed berry2012 closed 1 year ago
Anyone can fork a public repository, and then submit a pull request that proposes changes to the repository's GitHub Actions workflows. Although workflows from forks do not have access to sensitive data such as secrets, they can be an annoyance for maintainers if they are modified for abusive purposes.
Running pull_request_target solves this issue https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
Cool:) thanks for commenting the fix ✌️
When running Datree workflow against a PR from a forked repo, it results in the error below:
From my observation, I see "No secret token is detected" in the jobs log.
Pull requests from the same repo works and the secret token could be detected.
My config
Ask
How to make Pull requests from forked repo work with Datree.