Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate updating fork access #61

Closed
sk593 opened this issue Oct 2, 2024 · 2 comments
Closed

Investigate updating fork access #61

sk593 opened this issue Oct 2, 2024 · 2 comments
Assignees
@sk593
Labels
more-information-needed

Comments

@sk593
Copy link
Contributor

sk593 commented Oct 2, 2024
edited
Loading

Forks and Dependabot needs access to AWS keys to run tests on opened PRs. Access should be added or we should remove setting secrets if it's not needed

Test runs from forks will fail with the following error:
Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers as a result of using this packageaws-actions/configure-aws-credentials@v4. See this PR run for details: https://github.com/radius-project/bicep-types-aws/actions/runs/11147276332/job/30981202815?pr=62

We might not need this package to configure credentials since we're pulling from CloudControl specs to generate AWS types. We should look into whether credentials are needed. If they aren't needed, we should remove this step. If they are needed, we should investigate how to give forks the correct access to run tests on PRs.

AB#13379
@sk593 sk593 changed the title Update Dependabot access Update fork access Oct 2, 2024
@lakshmimsft lakshmimsft removed their assignment Oct 3, 2024
@sk593 sk593 changed the title Update fork access Investigate updating fork access Oct 3, 2024
@sk593 sk593 mentioned this issue Oct 15, 2024
Closed
@sk593
Copy link
Contributor Author

sk593 commented Oct 18, 2024
edited
Loading

For Dependabot triggered PRs, we can add credentials to Dependabot to get the workflow passing. This will need to be done by a maintainer.

For other forks, there are some suggestions on how to go about this. This will need further investigation as want to make sure we're not giving write access to forks. See here for details: aws-actions/configure-aws-credentials#188

Options for other forks:

workflow_run would be ideal so we don't add additional security vulnerabilities and there's already a precedent for that approach in the Radius repo

@sk593 sk593 mentioned this issue Oct 22, 2024
Closed
4 tasks
@sk593 sk593 mentioned this issue Dec 3, 2024
Merged
@sk593
Copy link
Contributor Author

sk593 commented Jan 10, 2025

Addressed via: #85

@sk593 sk593 closed this as completed Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sk593 sk593

Labels
more-information-needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sk593 @lakshmimsft