Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

false positive error on secrets context access in forks #375

Open
OmarTawfik opened this issue Aug 20, 2024 · 1 comment
Open

false positive error on secrets context access in forks #375

OmarTawfik opened this issue Aug 20, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@OmarTawfik
Copy link

For a workflow that accesses secrets:

      - name: "publish npm"
        uses: "./.github/actions/publish-npm"
        env:
          NPM_TOKEN: "${{ secrets.NPM_TOKEN }}"

The extension is very helpful in checking if the secret NPM_TOKEN is actually defined or not.
However, it only checks secrets defined in the same repository (I suspect origin remote), and reports a false-positive error if it was defined in upstream, and origin is actually pointing to a fork:

Context access might be invalid: NPM_TOKEN

Expected behavior

All remotes to be checked for secrets, not just origin, and the error is no longer reported.

Screenshots

image

Extension Version
v0.26.3
@OmarTawfik OmarTawfik added the bug Something isn't working label Aug 20, 2024
@OmarTawfik OmarTawfik mentioned this issue Aug 20, 2024
Open
@OmarTawfik
Copy link
Author

cc @felipesu19

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
GitHub Actions VS Code Extension
Status: Backlog 🗒
Milestone
No milestone
Development

No branches or pull requests
1 participant
@OmarTawfik