ci: upgraded ruby/setup-ruby action from version v1.152.0 to v1.178.0 #233
Conversation
…oken for forked PRs
.github/workflows/main.yml
Outdated
| environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - run: true |
There was a problem hiding this comment.
The authorize step is required when u use pull_request_target in the on on line 3. If u use pull_request, authorize has no purpose.
You should ask your self:
- should codecov work for forks?
- if yes => use pull_request_target and authorize
- if no => keep pull_request and drop authorize.
pull_request does not expose secrets to forks, meaning it would fail as there are no token found. pull_request_target does expose tokens to secrets, so we need to protect it with authorization.
There was a problem hiding this comment.
Hi @frederikprijck,
Thank you very much for the detailed explanation on the differences between the triggers pull_request and pull_request_target.
We would like to have codecov working for forks as well but it needs to be authorized first, hence proceeded with pull_request_target.
Pushed the changes accordingly, please take a look again
There was a problem hiding this comment.
On further discussion with @frederikprijck, we've decided it's okay to skip the code coverage check for the PR's raised from forks, as we will have a safety net for this when the PR is raised to master before release, hence changing it back to pull_request and dropping authorize
… to enable actions running for forks too
desusai7
force-pushed
the
ci/upgrade_setup_ruby_action
branch
from
293987b
to
1ffc886
Compare
.github/workflows/main.yml
Outdated
| @@ -14,7 +14,7 @@ concurrency: | |||
|
|
|||
| jobs: | |||
| test: | |||
| name: Test on ${{ matrix.platform.os }} using Xcode ${{ matrix.xcode }} | |||
| name: Test on ${{ matrix.platform.os }} using Xcode ${{ matrix.xcode }}s | |||
There was a problem hiding this comment.
| name: Test on ${{ matrix.platform.os }} using Xcode ${{ matrix.xcode }}s | |
| name: Test on ${{ matrix.platform.os }} using Xcode ${{ matrix.xcode }} |
README.md
Outdated
| @@ -76,7 +76,7 @@ Then, run `carthage bootstrap --use-xcframeworks`. | |||
| import JWTDecode | |||
| ``` | |||
|
|
|||
| 2. Decode the token | |||
| 2. Decode the token using the code snippet shared below: | |||
There was a problem hiding this comment.
Was this added for CI purposes or is it an intended change?
There was a problem hiding this comment.
(for triggering a build, I mean)
There was a problem hiding this comment.
Yes, will revert them
|
For context, workflows are disabled for PRs from forks and have to be manually approved: |
.github/workflows/main.yml
Outdated
| @@ -15,6 +15,7 @@ concurrency: | |||
| jobs: | |||
| test: | |||
| name: Test on ${{ matrix.platform.os }} using Xcode ${{ matrix.xcode }} | |||
| environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }} | |||
There was a problem hiding this comment.
I had added it previously, when we have introduced two different environments for secrets as part of using the authorize step.
Removed it now, as we are no longer using authorize, please take a look again.
📋 Changes
3.0.7📎 References
https://github.com/auth0/JWTDecode.swift/actions/runs/9598725630/job/26470757827