Skip to content

Commit dd72ead

Browse files
lucassabreulucassabreu
committed
feat: disclaimer
1 parent adcb910 commit dd72ead

File tree

3 files changed

+40
-0
lines changed

3 files changed

+40
-0
lines changed

.github/workflows/summary-example.yml

+21
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
name: example of summary
2+
on:
3+
pull_request:
4+
5+
jobs:
6+
build:
7+
name: example of workflow
8+
runs-on: ubuntu-latest
9+
steps:
10+
- name: Checkout code
11+
uses: actions/checkout@master
12+
13+
- name: clover file to comment (clover.example.base.xml)
14+
uses: ./.
15+
with:
16+
dir-prefix: /var/www/html
17+
file: clover.example.base.xml
18+
base-file: clover.example.xml
19+
chart-size: 75
20+
only-with-cover: true
21+
signature: "summary example"

CHANGELOG.md

+4
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
66

77
## [Unreleased]
88

9+
### Added
10+
11+
- explanation about forks and token permissions with them.
12+
913
### Changed
1014

1115
- improving error reporting for debugging purposes

README.md

+15
Original file line numberDiff line numberDiff line change
@@ -155,10 +155,25 @@ jobs:
155155
base-file: tests/base/coverage.xml
156156
```
157157
158+
Restrictions on Forks
159+
---------------------
160+
161+
Github Actions [imposes higher Restrictions on workflows triggered from forks in public repositories][fork],
162+
where the default token generated will have only read permissions.
163+
164+
Because of that when this Action is run on pull requests from forks no comment will be created with the
165+
coverage report, instead the report will only be shown at the steps summary.
166+
167+
![example of step summary with the report](./assets/summary-example.png)
168+
169+
If comments on pull request from forks are required for your workflow a [PAT](pat) can be used, but be aware
170+
that doing that may open the owner of the PAT to the malicious intentions of the internet.
171+
158172
[CHANGELOG](CHANGELOG.md)
159173
---------
160174
161175
[danhunsaker/clover-reporter-action]: https://github.com/danhunsaker/clover-reporter-action
162176
[pat]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens
163177
[lang]: https://developer.mozilla.org/pt-BR/docs/Web/JavaScript/Reference/Global_Objects/Intl#argumento_locales
164178
[default-token]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication
179+
[fork]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

0 commit comments

Comments
 (0)