E2E Docker image build fails on forks #1718
Description
Summary of Bug
The E2E Tests do not correctly when running against a fork. These tests should run correctly on all PRs
The Docker image build fails as we depend on a secret being passed to the workflow (secrets.GITHUB_TOKEN) .
When a github workflow is triggered from a fork, the default behaviour is that no secrets are passed.
One possible solution to make this work, is to update the test.yml workflow to run on pull_request_target. This passes the secrets however if we do this we need to put additional safeguards in place to prevent abuse of the secrets.
We can add an additional clause that the e2e tests should only run when a specific label is present .e.g. safe-to-test. This ensures that someone with write access to the repo has reviewed the code and added the label on the fork PR.
Note: Ideally we make the bare minimum number of workflows use pull_request_target. This might mean splitting u existing workflows.
A better solution is to simply use a local docker image for forks. This means that no secrets need to be exposed, and no manual checking of the code before allowing the tests to run. The docker images are sandboxed to the github runner.
This has the downside of taking slightly longer for image build ( ~2mins ) however it is safer and easier to maintain.
For Admin Use
- Not duplicate issue
- Appropriate labels applied
- Appropriate contributors tagged/assigned