Skip to content

ci: skip pr comment workflow for forked pulled requests#526

Merged
bd82 merged 5 commits into
mainfrom
review-pr-524
Jun 17, 2026
Merged

ci: skip pr comment workflow for forked pulled requests#526
bd82 merged 5 commits into
mainfrom
review-pr-524

Conversation

@bd82

@bd82 bd82 commented Jun 17, 2026

Copy link
Copy Markdown
Member

As forked prs lack the required permissions.
And the repo's security may be (slightly) compromised even if implement mitigations
as recommended here: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

For example, one must remember that the published artifacts by the forked PR (*.vsix) can themselves
contain malicious code and should not be freely installed without oversight.

Additionally keeping this PR Comments workflow for forked PRs is not a high priority
as its an optional helper flow, and forked PRs are not common on this repo.

alex-gilin and others added 3 commits June 16, 2026 17:42
@alex-gilin
fix(ci): fix PR comment posting for fork PRs
26af0ca 
GitHub's GITHUB_TOKEN has read-only access for pull_request events from
forks, so the peter-evans/create-or-update-comment step was failing with
"Resource not accessible by integration".

Split the commenting logic into a separate workflow_run-triggered workflow
(pr-comment.yml) that runs in the base repo context where GITHUB_TOKEN
has full write access. The CI workflow now saves PR metadata (PR number,
SHA, run ID, artifact ID) as a short-lived artifact which the comment
workflow downloads and uses to post/update the PR comment.
@bd82
ci: disable pr comments for fork prs
44323d8
@bd82
chore: minimal change
c26ee32
@github-actions

github-actions Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Build Report

badge

Please note:

  1. Files only stay for around 14 days!
  2. This comment will be updated with the data of the last successful build of this PR.
Name Link
Commit e6b3c40
Logs https://github.com/SAP/app-studio-toolkit/actions/runs/27678993021
VSIX Files https://github.com/SAP/app-studio-toolkit/actions/runs/27678993021/artifacts/7691229637

alex-gilin
alex-gilin approved these changes Jun 17, 2026
View reviewed changes

@alex-gilin alex-gilin left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bd82 bd82 merged commit db9bbd3 into main Jun 17, 2026
4 checks passed
@bd82 bd82 deleted the review-pr-524 branch June 17, 2026 11:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alex-gilin alex-gilin alex-gilin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bd82 @alex-gilin