Skip riff-raff-artifact so fork PRs do not crash on roleArn missing #27310
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As mentioned in github/docs#6861: > It is common for projects to include a secret for deploying things and an action that uses that secret. > > When one forks that repository, the secret won't be present and the workflow will break. > > This experience is incredibly painful. For guardian/frontend, we're using [actions-riff-raff](https://github.com/guardian/actions-riff-raff), which needs a `roleArn` which is provided as a repository secret. For PRs like #27233, from an external contributor, the CI appears to fail, even though all tests have passed. ### CI never runs on forks unless we authorise the contributor The [GitHub docs](https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks#approving-workflow-runs-on-a-pull-request-from-a-public-fork) say: > By default, all first-time contributors require approval to run workflows. ...so it could be argued that ideally, the build should still produce the riff-raff artifact for fork PRs.
rtyley
force-pushed
the
skip-riff-raff-artifact-so-forks-do-not-crash-on-roleArn-missing
branch
from
51979cf to
d8e373a
Compare
|
@ioannakok I think we left this in draft while we were waiting to check that |
ioannakok
approved these changes
Jul 25, 2024
rtyley
deleted the
skip-riff-raff-artifact-so-forks-do-not-crash-on-roleArn-missing
branch
|
Seen on FRONTS-PROD, ADMIN-PROD (merged by @rtyley 11 minutes and 6 seconds ago)
|
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As mentioned in github/docs#6861:
For guardian/frontend, we're using actions-riff-raff, which needs a
roleArnwhich is provided as a repository secret. For PRs like #27233, from an external contributor, the CI appears to fail, even though all tests have passed.CI never runs on forks unless we authorise the contributor
The GitHub docs say:
...so it could be argued that ideally, the build should still produce the riff-raff artifact for fork PRs.