`Deploy PR to Firebase` job failing on forks

[ForestEckhardt]

There is an issue with the deploy-dev-pr action that is based around the fact that secrets are no longer available to PRs that originate from a fork. This is after a change that github made to increase security. There is however a work around https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/. In this article a work around it laid out and there is a link to an article around why you may not want to use the workaround. How do we feel about this? Do we want to use the workaround for dependabot and all other forks or just dependabot or neither?

[robdimsdale]

@ForestEckhardt did this get resolved? I think I've seen recent deployments of my PRs succeed, but I don't know if this would be true for a community contributor who isn't in the contributors/maintainers list.

[ForestEckhardt]

I still see it with dependabot update and community members