Support OpenToFu checks on pull request created from forks #27

Open
btlogy opened this issue Jan 23, 2025 · 0 comments

btlogy commented Jan 23, 2025

Scope

Since #21, it is possible to run OpenToFu checks on pull requests.
But those created from forked repositories will fail early because the secrets required to access the state and other providers' APIs are only available from the upstream repository.

Today, the only option to run those checks is to ask a maintainer to push the branch from the fork in this repository and verify the action logs.

It seems challenging to allow anyone to run any OpenToFu check w/o making the state public (w/o or w/ useless encryption)!
Maybe with some tokens allowing read-only access and a single secret to share allowing contributors to decrypt the state on a case-by-case basis...

Value

A contributor with read-only permissions (anyone in fact) would be able to verify her/his/their changes with a closer feedback loop.

Requirements

Pull requests from forks should trigger some relevant OpenToFu checks with minimal involvement from the maintainers.

Additional information
