[BUG] The in-develop labeler is not working due to restricted GITHUB_TOKEN access #1099

@Thomas-Boi

Description

I have searched through the issues and didn't find my problem.

  • Confirm

Bug description

Currently, the in-develop issue labeler is not working properly (see this). The issue is due to the GITHUB_TOKEN being limited in scope when used in forked repos.

Since all PRs are from forked repos, it renders the workflow unable to edit the Issues in our repo.

Possible fixes or solutions

I was going to try this solution. It involves giving the workflow access to these permissions to add the label. However, this is not recommended since our workflow involves checking out the repo => might open ourselves up to pwn requests. It also seems like we can't override the access for forked repos, as seen in this link.

New possible solution: follow the pattern that's being used by our peek-bot:

  1. The pull_request PR saves the PR number/issue number into a file
  2. Upload it as an artifact
  3. Create a workflow_run workflow that runs after the first PR
  4. Get the artifact and label our issue in here where we get full GITHUB_TOKEN access.

Since workflow_run workflows have to be in the default branch to work, this would prevent security issues.

Additional information

For now, we can label the issues manually after merging. It's a bit annoying but not too difficult.
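
A sketch of the two-workflow pattern from steps 1 to 4 above, added here as an example and not taken from the issue or the project's peek-bot. The file paths, workflow names, artifact name `pr-number`, and label name `in-develop` are assumptions, and the PR number stands in for however the project derives the issue number.

```yaml
# File 1 (hypothetical path): .github/workflows/save-pr-number.yml
# Runs on fork PRs with the restricted, read-only GITHUB_TOKEN.
name: Save PR number
on: pull_request
permissions:
  contents: read
jobs:
  save:
    runs-on: ubuntu-latest
    steps:
      - name: Write the number to a file
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}  # stand-in for the issue number
        run: mkdir -p pr && echo "$PR_NUMBER" > pr/number.txt
      - uses: actions/upload-artifact@v4
        with:
          name: pr-number
          path: pr/
---
# File 2 (hypothetical path): .github/workflows/label-issue.yml
# Must live on the default branch; it never checks out or runs PR code.
name: Label issue
on:
  workflow_run:
    workflows: ["Save PR number"]
    types: [completed]
permissions:
  actions: read   # download the artifact from the triggering run
  issues: write   # add the label
jobs:
  label:
    runs-on: ubuntu-latest
    if: github.event.workflow_run.conclusion == 'success'
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: pr-number
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Validate the number and add the label
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
        run: |
          # The artifact comes from an untrusted fork run: accept digits only.
          NUM="$(head -c 16 number.txt)"
          [[ "$NUM" =~ ^[0-9]+$ ]] || { echo "invalid number"; exit 1; }
          gh api --method POST "repos/$REPO/issues/$NUM/labels" -f "labels[]=in-develop"
```

The artifact content is the only data crossing from the untrusted run into the privileged one, so the second workflow treats it as input to validate and passes it through environment variables and quoted shell arguments, never through `${{ }}` interpolation inside the script.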

Labels

  • bug: Use this label for pointing out bugs
  • devops: Devops/automation related enhancements
