The issue with SNYK (Snyk is missing auth token in order to run inside CI. You must include your API token as an environment value: SNYK_TOKEN=12345678) still persists. Repo Secrets are not propagated into CI environment because it is running inside the PR of the forked repo.
marquiz
commented
1 year ago
The issue with SNYK (Snyk is missing auth token in order to run inside CI. You must include your API token as an environment value:
SNYK_TOKEN=12345678) still persists. Repo Secrets are not propagated into CI environment because it is running inside the PR of the forked repo.From the GitHub documentation: With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflows-in-forked-repositories
We can test it using another event called pull_request_target. Details are here: https://gist.github.com/fidencio/57960a11a0f7669e0b9c4a823d5503e5