qq on pull_request.yaml
chrislin22 opened this issue · comments
I have noticed that for PR: #467
https://github.com/PatrickSpies/stakater-reloader/blob/feat/chart-netpol/.github/workflows/pull_request.yaml#L4
actually changed pull_request
to pull_request_target
https://github.com/stakater/Reloader/blob/master/.github/workflows/pull_request.yaml#L4
which allows fork PR be able to use base repo's secrets.
Is this a common practice? Otherwise the secret values are invisible to the fork PR.
Thanks
-cl
pull_request_target
has some weird side effects, and it is only first-time contributors that require approval to run workflows, subsequent runs should work without approval. You can switch back still if you like.
follow up question please:
- The PR did not container the modified file
pull_request.yaml
, even there is modifcation there, any reason why? - if using
pull_request_target
, then will it trigger some special approval then after that github action runs? - after the first PR got proved, for future PR just use
pull_request
the github action behavior will be just like treating PR from a branch (able to use base secret)?
thanks - I have a repo facing the similar issue