Closed spectranaut closed 1 month ago
This appears to be a limitation of github actions (of this type) according to https://github.com/creyD/prettier_action/issues/54#issuecomment-858891671 (and the link from there).
Do we need some kind of requirement for people who open PRs against ARIA from different repos to run prettier locally on their branch?
I ran into this too, in https://github.com/w3c/aria/pull/2271#issuecomment-2228598838.
The error is happening in the checkout step (not the prettier step), because github.head_ref
(.github/workflows/prettier.yaml#L19) is the fork’s branch name, which won’t exist in this repo.
We could revise the checkout step like this—
uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
—that’d get us further, but we’d hit another problem: permissions. The default token used in w3c/aria’s workflow doesn’t have permissions to write (i.e. push commits) to random other repos (even forks).
There’s a two-part solution to that:
The fork’s owner (presumably, the PR author) needs to “allow edits and access to secrets by maintainers”.[^1]
We need to run the workflow using a bot account’s token, and that bot account needs to have “Write” access to this repo.
[^1]: Optionally, we can add a comment to PRs if the author hasn’t done this. Homebrew does this, via .github/workflows/publish-commit-bottles.yml#L45-L47.
Thanks much @smockle for your detailed explanation. I'll take a look at this.
I would prefer for The fork’s owner (presumably, the PR author) to “allow edits and access to secrets by maintainers”. We don't currently have a bot account set up.
See: https://github.com/w3c/aria/pull/2290