Closed gentlementlegen closed 4 months ago
Tests seem to be failing due to empty environment variables during the tests https://github.com/ubiquity/ubiquibot-kernel/actions/runs/9149319076/job/25152816695?pr=42#step:5:7 which I cannot fix myself.
@rndquu youre admin please facilitate
@gentlementlegen
Check this workflow
How it works right now:
pull_request_target
)If here we change the code to checkout the PR branch using pull_request_target
then any fork will have access to these env variables.
So right now this workflow is literally 1 line away from leaking secrets.
There are viable 2 options:
@rndquu will be mocking as we cannot have dummy values since it tries to reach a real endpoint.
plugins
instead of a GitHub Actionpull_request
with mocked valuesmain
branch and also updates the secrets in Cloudflare with the ones from GitHub to avoid manually setting them (requires WEBHOOK_PROXY_URL
, WEBHOOK_SECRET
, APP_ID
, PRIVATE_KEY
to be set)Test still expected to fail for pull_request_target
, successful pull_request
test here
we can merge this, right?
@whilefoo was waiting for second validation but if you're good with it for sure
Resolves #39