fix: use 'e2e' label trigger for secure secrets access #79

Merged
gh-simili-bot merged 1 commit into main from fix/e2e-secrets-access
Feb 18, 2026

@Kavirubc
Member

Problem

The previous fix used pull_request_review to trigger E2E tests. However, workflows triggered by reviews on forked PRs do not have access to secrets, regardless of approval status. This caused the E2E workflow to fail immediately.

Solution

Switch trigger to pull_request_target (types: labeled).

  • Secret Access: Valid (runs in base repo context).
  • Security Gate: Runs ONLY when the e2e label is added.
  • Verification: Maintainers must review code, approve, and then add the e2e label to run the test.

Checks out PR code securely via explicit ref logic.

Switch from `pull_request_review` to `pull_request_target` (types: labeled).
The review event on forked PRs does not grant access to secrets, causing E2E failures.
Using `pull_request_target` filtered by the 'e2e' label ensures:
1. Access to secrets (secure context).
2. Manual approval gate (maintainer adds label).
3. Explicit checkout of PR code via ref logic.

Signed-off-by: Kavirubc <hapuarachchikaviru@gmail.com>
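
A workflow shaped like the trigger described above, as an added example that is not the repository's actual workflow file. The workflow and job names, the `E2E_API_KEY` secret, the `./scripts/e2e.sh` entry point and the choice of the head SHA as the checkout ref are assumptions.

```yaml
# Added example, not the project's own workflow.
# Assumed names: E2E_API_KEY secret, ./scripts/e2e.sh test entry point.
name: e2e

on:
  pull_request_target:
    types: [labeled]        # fires only when a label is added, not on every push

# Keep the default token read-only; grant more per job only if the tests need it.
permissions:
  contents: read

jobs:
  e2e:
    # Gate: ignore every label except 'e2e'. Labeling needs triage access or
    # higher on the base repo, so a fork author cannot start this job.
    if: github.event.label.name == 'e2e'
    runs-on: ubuntu-latest
    steps:
      - name: Check out the PR commit that was labeled
        uses: actions/checkout@v4
        with:
          # Pin to the head SHA from the event payload, not the branch name,
          # so the job runs the commit that existed when the label was added.
          ref: ${{ github.event.pull_request.head.sha }}
          # Do not leave the GITHUB_TOKEN in .git/config where PR code can read it.
          persist-credentials: false

      - name: Run E2E tests
        # Expose only the secret the tests need, and only to this step.
        env:
          E2E_API_KEY: ${{ secrets.E2E_API_KEY }}   # hypothetical secret name
        run: ./scripts/e2e.sh                        # hypothetical test entry point
```

Because only `labeled` events trigger the job, commits pushed after labeling do not run with secrets until the label is removed and added again. Before adding the label, confirm that the PR head is still the commit that was reviewed.
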
@gh-simili-bot
Contributor

Simili Triage Report

Note

Quality Score: 9.5/10 (Excellent)
The issue could be improved. See suggestions below.

Classification

Category Value
Labels

Quality Improvements
  • Absence of direct link to the failing workflow run
  • Include a direct link to the specific workflow run that failed due to the described problem

Similar Threads

Similarity | Thread | Status
84% | #77 Bug: E2E fails on forked PRs due to missing sec... | Open
83% | #78 fix: run E2E only when review is approved (secu... | Open
77% | #74 fix: prevent bot loop & enable E2E for forks | Closed

Warning

Possible Duplicate (Confidence: 95%)
This pull request might be a duplicate of #77.
Reason: The current issue directly addresses the problem described in Issue #77: 'E2E fails on forked PRs due to missing secrets'. Both issues share the exact same root cause (lack of secret access for workflows triggered by pull_request_review on forked PRs) and the same expected outcome (E2E tests running securely with secret access on forked PRs). The solution proposed in the current issue (switching to pull_request_target with an e2e label trigger) would fully resolve Issue #77.


Generated by Simili Bot

@gh-simili-bot gh-simili-bot added the bug Something isn't working label Feb 18, 2026
@gh-simili-bot gh-simili-bot merged commit 5d10819 into main Feb 18, 2026
6 checks passed
@gh-simili-bot gh-simili-bot deleted the fix/e2e-secrets-access branch February 18, 2026 16:23
@github-project-automation github-project-automation bot moved this from Todo to Done in simili-bot-v1-release Feb 18, 2026
Labels

bug Something isn't working e2e
