Fork testing fails on a PR raised by external contributors despite them setting up the correct Github Secrets in their local repo. This is because Secrets are not passed from the source branch to the workflows. Source ↗.
There is an alternate approach to using pull_request_target instead of the pull_request event in GitHub Actions to enable the workflow to operate within the context of the contributor's secrets. The risk involved is that it can lead to the repo's GitHub secrets. More info ↗
Investigate if there is a safer way to enable fork testing for external PRs.
Context
Fork testing fails on a PR raised by external contributors despite them setting up the correct Github Secrets in their local repo. This is because Secrets are not passed from the source branch to the workflows. Source ↗.
There is an alternate approach to using
pull_request_target
instead of thepull_request
event in GitHub Actions to enable the workflow to operate within the context of the contributor's secrets. The risk involved is that it can lead to the repo's GitHub secrets. More info ↗Investigate if there is a safer way to enable fork testing for external PRs.
Some references: #1 #2 #3