GitHub Actions for pull requests

1 minute read

GitHub Actions provides a well-integrated CI/CD system for code hosted on GitHub. If you want to build and run tests when someone sends pull requests, you can use the pull_request event. The pull_request event runs the workflow in a security-hardened environment due to security reasons. For example, the encrypted secrets deposited in GitHub will not be available for the workflow. Another restriction is that the GITHUB_TOKEN only gets read access with the pull_request event type.

If you want some write operations after the build and tests, you can use the workflow run event. It requires some preparation from the pull_request job. You can save the pull request number, build outputs, test results, and all other workflow data into one directory, say pr, and store it as an artifact.

Here is an example to upload the pr directory as an artifact. It will be available as pr.zip in the workflow run for 90 days (by default):

      - uses: actions/upload-artifact@v2
        with:
          name: pr
          path: pr/

From the workflow run event, you can download the stored artifact. You can see an example in the Keeping your GitHub Actions and workflows secure article. Since the workflow run got write access, you can perform write operations based on the downloaded artifacts. Some of the common write operations are adding comments and labels to the pull requests.

Yet another restriction with the pull request event is manual approval required for the first-time contributors’ pull request. The requirement for manual approval is an ongoing issue with some workarounds.

Categories: ,

Updated: