fidesops icon indicating copy to clipboard operation
fidesops copied to clipboard
verified publisher icon ethyca

[Devops] Stop forked repos running the `Publish` on `main` push

Open seanpreston opened this issue 4 years ago • 3 comments

When you push to main on forked repos, our CI tries to run the Publish action:

Screenshot 2022-01-20 at 15 40 47

We should disable this.

seanpreston avatar Jan 20 '22 20:01 seanpreston

some very preliminary research points to the "proper" support for this functionality still being in the backlog for github: https://github.com/github/feedback/discussions/9098

this post seems to point to a potential solution with an 'if' conditional within each job: https://github.community/t/stop-github-actions-running-on-a-fork/17965/2

and it also mentions the settings that can be set on the side of the forked repo to disable actions (a mitigation, not really addressing the problem here).

i'm still new to github actions so please take my research with a grain of salt :)

adamsachs avatar Apr 13 '22 21:04 adamsachs

interestingly, in testing this it seems that a user needs to now opt-in to enable actions on their forked repository (see screenshot). perhaps this is a good enough mitigation?

if not, then we can try to implement the 'if' conditional solution referenced above, but that doesn't feel very clean.

image

adamsachs avatar Apr 13 '22 21:04 adamsachs

for what it's worth, i tried out the 'if' conditional workaround on a test fork repo: https://github.com/adamsachs/fidesops_forked_test/commit/2325c71302b0ba2ad112433afd6aaf5494291f73

and it seemed to work in that the action was skipped: https://github.com/adamsachs/fidesops_forked_test/actions/runs/2163901775

adamsachs avatar Apr 14 '22 14:04 adamsachs