Danger via GitHub Actions Fails when Pull Request is from a Fork

[lcreid]

It appears that Danger can't find the commit from the pull request when the pull request is from a fork. This causes a lint failure for many pull requests. See the discussion at: danger/danger#1103.

If anyone has a solution, please submit a PR. Otherwise, this issue will serve to document the issue until we find something to replace Danger.

[donv]

Tried to fix this in #628 . Try to verify with #627 .

[donv]

So, the original problem was solved, but a new problem with dasnger has arisen. Seems like the access to create an issue comment is missing:

/opt/hostedtoolcache/Ruby/2.7.2/x64/lib/ruby/gems/2.7.0/gems/octokit-4.22.0/lib/octokit/response/raise_error.rb:14:in `on_complete': POST https://api.github.com/repos/bootstrap-ruby/bootstrap_form/issues/627/comments: 403 - Resource not accessible by integration // See: https://docs.github.com/rest/reference/issues#create-an-issue-comment (Octokit::Forbidden)

Anybody got an idea how to solve it?

[donv]

@lcreid (or other owner) We need an access token to enable merging fork PRs.

It must be added without GitHub noticing it: https://github.com/danger/danger/blob/43000055d824ca05a8c7ab63366d10e3d5c21529/.github/workflows/CI.yml#L28

[lcreid]

I had hoped the original solution to get Danger working again didn't require the access token. I looked into this at one time, but didn't have time to investigate why it didn't work. And frankly I wasn't too happy about the security implications, or the long-term sustainability of the solution.

I'm totally open to a solution other than Danger, if anyone has experience with one.

[donv]

I agree that Danger seems britle on GH Actions. I'll do some research on alternatives. What we want is a check for Changelog entry and tests, mostly, right?

[lcreid]

That's right. I believe Danger also checks to see what files are modified, and if not tests are modified/added, it asks that tests be added.