-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Github repo creation not using GITHUB_PAT? #106
Comments
Does the branch have access to the environment variable? |
We use |
I would expect the env var to be found as the environment variables are at the repo level in travis 🤔 |
I think someone once told me it'd be bad if the environment variables were accessible from external branches because mean people could output them to the log. |
@stephlocke so should we skip tests involving the environment variable when it's not present i.e. external PRs? |
In |
I'm not comfortable accepting code that hasn't done the full set of tests. Can you give some thought as to how we could achieve it? Perhaps we could use a pre-provided pat and make the variable if it doesn't exist at the beginning of tests for instnce? |
the problem is that we need a pat that can create a repo for my account chibimaelle. The only solution I can imagine is not hard-coding "chibimaelle" i.e. the tests would need a GITHUB_PAT with scope to create a project and we'd have login <- gh::gh_whoami()$login
createBasicProject(
name = "test",
packagedeps = "none",
external_setup = list(
git_service = "GitHub",
login = login,
private = FALSE,
protocol = "ssh",
ci_activation = NULL
),
folder = tmp
)
expect_true(repo_exists(login, "test"))
gh::gh("DELETE /repos/:owner/:repo",
owner = login, repo = "test"
)
But the users submitting an external PR would need to set the GITHUB_PAT in their fork themselves. what do you think? |
I'm not even sure one can create a GITHUB_PAT for a fork 🤔 |
Here's one solution https://blog.algolia.com/travis-encrypted-variables-external-contributions/ Essentially, have an API that you hit up with some info about the travis job. if master branch, do nothing, if from a legit travis job, return a value. Add value to env if returned. |
Other points of view https://discuss.ropensci.org/t/github-pat-needed-in-tests-and-pull-requests-on-travis/1550/7 (no other solutions, the efficient but complicated solution you posted is the only one I've seen). |
Over on a Travis build of a PR, we're getting:
https://travis-ci.org/lockedata/pRojects/jobs/476567120#L3872
I would have expected the GITHUB_PAT we've got in place on the repo to be enough to get around this - perhaps it's using a different mechanism or perhaps we don't have it hooked up to look for the PAT?
The text was updated successfully, but these errors were encountered: