Open stephlocke opened 5 years ago
Does the branch have access to the environment variable?
We use gh
functions directly so use the GITHUB_PAT when it's available so the best thing I could imagine is skipping this test when the environment variable is not available (which will always happen in PRs). What do you think?
I would expect the env var to be found as the environment variables are at the repo level in travis 🤔
I think someone once told me it'd be bad if the environment variables were accessible from external branches because mean people could output them to the log.
@stephlocke so should we skip tests involving the environment variable when it's not present i.e. external PRs?
In codemetar
what we have is testthat::skip_if_not(nzchar(Sys.getenv("GITHUB_PAT")))
I'm not comfortable accepting code that hasn't done the full set of tests. Can you give some thought as to how we could achieve it? Perhaps we could use a pre-provided pat and make the variable if it doesn't exist at the beginning of tests for instnce?
the problem is that we need a pat that can create a repo for my account chibimaelle.
The only solution I can imagine is not hard-coding "chibimaelle" i.e. the tests would need a GITHUB_PAT with scope to create a project and we'd have
login <- gh::gh_whoami()$login
createBasicProject(
name = "test",
packagedeps = "none",
external_setup = list(
git_service = "GitHub",
login = login,
private = FALSE,
protocol = "ssh",
ci_activation = NULL
),
folder = tmp
)
expect_true(repo_exists(login, "test"))
gh::gh("DELETE /repos/:owner/:repo",
owner = login, repo = "test"
)
But the users submitting an external PR would need to set the GITHUB_PAT in their fork themselves. what do you think?
I'm not even sure one can create a GITHUB_PAT for a fork :thinking:
Here's one solution
https://blog.algolia.com/travis-encrypted-variables-external-contributions/ https://github.com/algolia/api-key-dealer
Essentially, have an API that you hit up with some info about the travis job. if master branch, do nothing, if from a legit travis job, return a value. Add value to env if returned.
Other points of view https://discuss.ropensci.org/t/github-pat-needed-in-tests-and-pull-requests-on-travis/1550/7 (no other solutions, the efficient but complicated solution you posted is the only one I've seen).
Over on a Travis build of a PR, we're getting:
https://travis-ci.org/lockedata/pRojects/jobs/476567120#L3872
I would have expected the GITHUB_PAT we've got in place on the repo to be enough to get around this - perhaps it's using a different mechanism or perhaps we don't have it hooked up to look for the PAT?