We have an opensource project which gets PRs from external forks. Due to that github secrets are not available.
Therefore if we want to use the buildbuddy cache we have a few options:
- use
pull_request_target instead of pull_request (not an option for us)
- use a bot to run ci on a branch internal to the repo (we have this currently, triggered by someone with auth)
- make a key that has read only access and put that in the workflow file (is this a bad idea?)
Ideally we would have some support from buildbuddy's end where you can have some authentication without needing a key using something about the github action runners such as the github token / run id to determine if a request should pass? or some wway to issue a temp token based on that info?
We have an opensource project which gets PRs from external forks. Due to that github secrets are not available.
Therefore if we want to use the buildbuddy cache we have a few options:
pull_request_targetinstead ofpull_request(not an option for us)Ideally we would have some support from buildbuddy's end where you can have some authentication without needing a key using something about the github action runners such as the github token / run id to determine if a request should pass? or some wway to issue a temp token based on that info?