From c5e601d726b6a7da6cf957d27c5672e5201aafad Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Wed, 17 Aug 2022 13:08:26 +0200 Subject: [PATCH] Set GITHUB_TOKEN to let Danger be able to work on PR from forks. --- .github/workflows/danger.yml | 2 ++ .github/workflows/quality.yml | 2 ++ docs/danger.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index a1d754b4de..d36f2d0765 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -16,3 +16,5 @@ jobs: args: "--dangerfile tools/danger/dangerfile.js" env: DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} + # Fallback for forks + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index 6e5e2e4d67..544d9081f8 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -71,6 +71,8 @@ jobs: args: "--dangerfile tools/danger/dangerfile-lint.js" env: DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} + # Fallback for forks + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Gradle dependency analysis using https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin dependency-analysis: diff --git a/docs/danger.md b/docs/danger.md index acf14018e6..afa3555469 100644 --- a/docs/danger.md +++ b/docs/danger.md @@ -85,6 +85,8 @@ To let Danger check all the PRs, including PRs form forks, a GitHub account have - password: Stored on Passbolt - GitHub token: A token with limited access has been created and added to the repository https://github.com/vector-im/element-android as secret DANGER_GITHUB_API_TOKEN. This token is not saved anywhere else. In case of problem, just delete it and create a new one, then update the secret. +PRs from forks do not always have access to the secret `secrets.DANGER_GITHUB_API_TOKEN`, so `secrets.GITHUB_TOKEN` is also provided to the job environment. If `secrets.DANGER_GITHUB_API_TOKEN` is available, it will be used, so user `ElementBot` will comment the PR. Else `secrets.GITHUB_TOKEN` will be used, and bot `github-actions` will comment the PR. + ## Useful links - https://danger.systems/