Pulls from forks fail due to secret not being shared #231
Comments
|
I was reading a couple of posts about this issue, it seems that there is a way in which we can modify the Actions workflow to grant access to Secrets for pull requests, but there are security implications with the approach: In the first link, a folk who seems to work for GitHub, acknowledge that they don't support a functionality for this issue, although the post was about a year and a half ago. Another idea might be to specify in the Actions workflow that the actual connection to IDT API is only needed when we are running the tests in the parent SBOL-utilities repository, and mock the API call for any fork of it. In this way we would solve the issue of sharing the Secret and also avoid the hassle of needing to have an IDT account for any person who would like to contribute to the repository and properly run Actions in its fork. I don't know if this is possible, but I would be happy to give it a try. Let me know your thoughts, thanks. |
|
Thanks for looking into this. I've followed your link and read, and I agree that granting access to secrets is a bad idea. Put those together, and I find that I really like the idea of using the mock API call for testing. |
|
Thanks for your response @jakebeal I have a doubt: If we have the mock call running all the time, what can we do to make the real call once per day? |
|
I am thinking that we have one test that calls twice: one with the mock call, and once with the real call (but only if the JSON file exists) |
|
Ohhh that sounds great to me, I will try to implement it then. |
Pulls from forks, like #229, fail testing because testing depends on a secret and that secret isn't available in the source repository. There must be some way that people are recommended to handle this?
The text was updated successfully, but these errors were encountered: