feature: add ability to deploy review apps for PRs from forks

CleverCloud · Jan 19, 2024 · 9de1b55 · 9de1b55
1 parent 2a0e1e9
commit 9de1b55
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -7,6 +7,8 @@ This GitHub Action does the following
 2. **The PR is updated:** it deploys last pushed commit and post a comment to confirm the redeployment
 3. **The PR is closed (merged or not):** it deletes app and post a comment to confirm the job has been done.
 
+The action will consider both branches on the same repository, and pull requests from forks.
+
 ## Requirements for this Action
 
 - A [Clever Cloud](https://www.clever-cloud.com) account
@@ -59,8 +61,6 @@ Place this script in your repository in `.github/workflows/` and modify the foll
 - `CLEVER_SECRET` and `CLEVER_TOKEN`: find them in your `clever-tools.json` after installing the CLI (example path on Mac: `~/.config/clever-cloud/clever-tools.json`)
 - `ORGA_ID`: the organisation in which your app is created
 
-⚠️ This script runs in the context of the base repository and won't work accross forks, because the branch from your fork won't exist in this one. It uses `pull_request_target` as a trigger event to access secrets needed to deploy.
-
 Generally speaking, forks won't have access to secrets [from any base repository](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflows-in-forked-repositories-1). This is a GitHub Action security measure and there isn't any way of overriding this using GitHub Actions. **Any pull request from a fork will therefore fail**, consider warning your contributors about this.
 
 ## Inject App Secrets

diff --git a/action.yml b/action.yml
@@ -1,6 +1,6 @@
 name: Clever Cloud Review App on Pull Requests
 
-description: Deploy, sync and delete review apps on Clever Cloud for every pull request
+description: Deploy, sync and delete review apps on Clever Cloud for every pull request targeting the `main` branch
 
 on:
   pull_request_target:
@@ -31,7 +31,9 @@ jobs:
       - name: Check out repository code
         uses: actions/checkout@v4
         with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           fetch-depth: 0
       - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
       - run: echo "🖥️ The workflow is now ready to test your code on the runner."
@@ -90,7 +92,9 @@ jobs:
       - name: Check out repository code
         uses: actions/checkout@v4
         with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           fetch-depth: 0  
       - name: install clever-tools
         run: npm install -g clever-tools