Test CI is failing for external contributors #47

Open
@benoit74

Currently, test CI is using the pull_request trigger. However, with this trigger the secrets are not populated when the PR author is external to the repository.

This is done on purpose for security reasons: https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/

Many people on the internet suggest using pull_request_target, but according to a quick overview of the GitHub Security Lab article, this is only a workaround which does not help with security at all.

The proper solution seems to be to separate the workflow in two:

  • the existing workflow will only publish the coverage.xml as an artifact
  • a new workflow will be responsible for publishing this coverage.xml

Seems pretty simple to implement, but to be confirmed (I skimmed through the GitHub article way too fast) and tested of course.
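The two-workflow split proposed above, sketched as an added example (not part of the original issue or the project's own workflows). The workflow names, the `run-tests.sh` and `upload-coverage.sh` scripts and the `COVERAGE_TOKEN` secret are assumptions; the first workflow runs untrusted PR code without secrets, the second holds the secret and only reads the artifact.

```yaml
# .github/workflows/test.yml  (unprivileged: runs PR code, no secrets)
name: Tests
on: pull_request
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./run-tests.sh        # hypothetical script that writes coverage.xml
      - uses: actions/upload-artifact@v4
        with:
          name: coverage
          path: coverage.xml
---
# .github/workflows/publish-coverage.yml  (privileged: has secrets, runs no PR code)
name: Publish coverage
on:
  workflow_run:
    workflows: ["Tests"]           # must match the name of the workflow above
    types: [completed]
permissions:
  contents: read
  actions: read                    # needed to fetch the artifact of the triggering run
jobs:
  publish:
    runs-on: ubuntu-latest
    if: github.event.workflow_run.conclusion == 'success'
    steps:
      # Checks out the default branch (trusted code), never the PR head.
      - uses: actions/checkout@v4
      # Only the artifact crosses the trust boundary; treat it as untrusted data.
      - uses: actions/download-artifact@v4
        with:
          name: coverage
          path: untrusted
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Upload report
        env:
          COVERAGE_TOKEN: ${{ secrets.COVERAGE_TOKEN }}    # hypothetical secret name
        run: ./upload-coverage.sh untrusted/coverage.xml   # hypothetical uploader
```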

Labels: bug