mirror of
https://github.com/bitwarden/clients.git
synced 2026-07-07 21:10:55 +08:00
33 lines
1.1 KiB
YAML
33 lines
1.1 KiB
YAML
# This workflow is intended to be run when we need to run Chromatic and produce artifacts that
|
|
# require secrets when the PR source branch does not have access to secrets (e.g. a fork). It will
|
|
# fail until an approved user has manually re-run the workflow. This workflow will then run in the
|
|
# context of the target of the PR and have access to secrets. This should only be done after
|
|
# reviewing the PR to ensure that no malicious code has been introduced, as it could allow the code
|
|
# on the forked branch to have access to workflow secrets.
|
|
|
|
name: Chromatic on PR Target
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [opened, synchronize, reopened]
|
|
branches:
|
|
- "main"
|
|
|
|
jobs:
|
|
check-run:
|
|
name: Check PR run
|
|
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
|
permissions:
|
|
contents: read
|
|
|
|
run-workflow:
|
|
name: Chromatic
|
|
needs: check-run
|
|
if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
|
|
uses: ./.github/workflows/chromatic.yml
|
|
secrets: inherit
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
id-token: write
|