Test PR for preview #181
Test PR for preview #181
Conversation
|
@spoenemann some test PR to check if the preview mechanism works. However as this PR comes from a fork the action to add a PR comment fails as PRs from forks dont get write tokens. There are workarounds for that, but for security reasons its best not to hand out write tokens to PRs from forks as everyone can create them. I guess you will only have PRs from the repo itself? |
There will often be contributions from forks. But we could change the repo settings to require approval by maintainers before running Actions? |
|
The pr-preview-action action uses internally the sticky-pull-request-comment action which adds comments to the PR itself upon completion. This action needs write permissions for pull-requests. For PR from forks, GitHub does not issue write tokens during workflow runs for good reasons. There is a workaround that we also utilize in our validation scripts that can be found here: https://github.com/adoptium/.eclipsefdn/blob/main/.github/workflows/validate.yml The idea is to use pull_request_target instead. You should read https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ before using that approach. |
|
Also, as you removed the netlify configuration from the repo, should the netlify app be uninstalled as it is not used anymore? It had some advantages compared to deploying to gh-pages though imho. |
|
Yes we can remove the Netlify app. And yes, Netlify is more comfortable and offers very nice deploy previews, but we'd like to move the deployment to the Foundation. If you offer Netlify deployments as alternative to GH Pages, we can consider that as well. |
|
The netlify app has been removed from the organization. I am not aware of what the EF offers in terms of deployment environments for previews, best to raise a ticket in the HelpDesk. |
|
btw the link to the issue in the deploy preview workflow from forks is here: rossjrw/pr-preview-action#3 |
|
No solution in sight so far. I propose to remove the previews (#208) until someone comes up with a properly working preview feature. |
|
@netomi what's that bot doing with the PR? |
|
I am trying something with the workflow and reopen the PR to trigger actions. |
|
|
ok so the preview works and is also committed correctly to the gh-pages branch, however, there seems to be some redirect active that prevents that to be visible. |
|
ok, so the normal site is deployed using GitHub actions, and the preview feature uses the gh-pages branch. The 2 things are not compatible with each other. So I guess we have solution to combine the 2 approaches. |
|
I reverted the changes, remove the gh-pages branch and will close this PR again. |
No description provided.