Reveal secret vars only for non-fork Pull Requests

#1

Description of the feature request

Currently Secret Vars are either not available to any PR, or available to all PRs, including PRs from forked repos. Github Actions and Travis CI both allow access to secret vars from PRs from non-fork PRs.

Use case / for what or how I would use it

Making Secret Vars available to PRs from forked repos is a security risk, but making them available for internal PRs is very useful (creating signed test builds, adding comments to PRs, etc).

0 Likes

#2

It seems that you can currently achieve the same result in a little bit different way.

On Bitrise If secret is available to PR builds and PR is from a fork then the build need to be manually approved.

0 Likes