Need to authorise Vercel deployment for PR created by developers not having access to the organization Vercel
shivaylamba opened this issue · comments
Hi @shivaylamba!
I just made a PR to try and figure out what was the problem. I think I figured it out.
The difference between the tenant-token demo
and all the other demos in Vercel
is that the tenant-token
demo is using environment variables stored in Vercel
.
So as a security, any commit not coming from a Vercel
member of the tenant-token
project is by default not authorized to deploy a preview.
I think you can disable this security behavior in your Vercel
project in /settings/security
. You will find a section Git Fork Protection
.
Also, I would advise you to set up specific environment variables for Production
, Preview
and Development
.
Let me know if this is not clear, if you need more information or if this fixes your issue! 😄
🦭
Hey @meilisearch/devrel-team, did it fix your issue?
no idea, do you @shivaylamba ?
This should be fixed, since I followed the steps as suggested by @nicolasvienot to configure the setting in Vercel for the project.
Hi @meilisearch/devrel-team,
After a talk with @CaroFG I wanted to get back to this issue and the way we handled it.
Be aware that disabling the Git Fork Protection
on Vercel might cause security issue if you have the same environment variables in your preview
, staging
and production
environment.
It means that anyone can trigger a deployment in Preview mode
by creating a PR in this repository, and this PR will have access to your environment variables. If there is any sensitive information there (Meilisearch master key or private key for example), you should either only use them in production or find another way to handle them. Let me know if you need any help with that.
cc @shivaylamba @oluademola
I let you all and @CaroFG handle this, it's out of my expertise area