CI on forks #3385
CI on forks #3385
Conversation
| runs-on: ubuntu-latest | ||
| timeout-minutes: 5 | ||
| if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push' | ||
| if: (github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push') && github.repository == 'pydantic/pydantic-ai' |
There was a problem hiding this comment.
Could this be simplified? I don't know if we still need the github.event.pull_request.head.repo.full_name == github.repository check was was presumably meant to accomplish something similar.
There was a problem hiding this comment.
TLDR, I cannot see a simplification. github.event.pull_request.head.repo.full_name == github.repository checks that the PR is from a branch within the base repository (not from a fork).
(1) True when you push a feature branch to your main.
(2) Also true when I push a feature branch from my fork to main in my fork. Say if I want to experiment and not want to clutter your "PR inbox" with my drafts.
(3) False if I push a feature branch from my fork to your main.
The most important use case (3) is covered by the existing code. My new conditional covers (2), and is orthogonal. We cannot remove github.event.pull_request.head.repo.full_name == github.repository.
Alternatively, I can check for the existence of every secret instead, for example secrets.PPPR_TOKEN != ''. But if you introduce a new secret, the code breaks.
2 participants
Problem
The CI pipeline currently requires a number of secrets in order to run on GitHub.
Because forks don’t have access to those secrets, the CI pipeline fails when run on a fork.
Solution
Disable the parts of the CI pipeline that require secrets when the repository is not
pydantic/pydantic-ai.Changes
ci.ymlto bypass secret-dependent jobs when the repository is a fork..gitignoreto ignore the Cursor config and the dev container in the project root.