Skip to content

Fix project-board automation for fork PRs#1014

Merged
ideaship merged 1 commit into
mainfrom
fix/add-to-project-fork-prs
Jun 26, 2026
Merged

Fix project-board automation for fork PRs#1014
ideaship merged 1 commit into
mainfrom
fix/add-to-project-fork-prs

Conversation

@jklare

@jklare jklare commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Fork PRs trigger the pull_request event, which GitHub deliberately
runs without access to secrets. ADD_TO_PROJECT_PAT is therefore empty and
actions/add-to-project fails with a missing github-token.

pull_request_target runs in the base-repository context where secrets are
available. It is safe here because this workflow never checks out or executes
PR code — it only calls actions/add-to-project.

While here, hand over only the required ADD_TO_PROJECT_PAT secret to the
reusable workflow instead of exposing all repository and organization secrets
via secrets: inherit.

🤖 Generated with Claude Code

Fork PRs trigger the `pull_request` event, which GitHub deliberately
runs without access to secrets. `ADD_TO_PROJECT_PAT` is therefore empty and
`actions/add-to-project` fails with a missing github-token.

`pull_request_target` runs in the base-repository context where secrets are
available. It is safe here because this workflow never checks out or executes
PR code — it only calls `actions/add-to-project`.

While here, hand over only the required `ADD_TO_PROJECT_PAT` secret to the
reusable workflow instead of exposing all repository and organization secrets
via `secrets: inherit`.

AI-assisted: Claude Code
Signed-off-by: Jan Klare <klare@osism.tech>
@github-actions

Copy link
Copy Markdown

⚠️MegaLinter analysis: Success with warnings

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 5 0 0 0.04s
✅ JSON jsonlint 4 0 0 0.09s
✅ JSON prettier 4 0 0 0.37s
✅ JSON v8r 4 0 0 9.78s
✅ MARKDOWN markdownlint 160 0 0 2.33s
✅ MARKDOWN markdown-table-formatter 160 0 0 0.38s
✅ REPOSITORY checkov yes no no 19.51s
✅ REPOSITORY git_diff yes no no 0.04s
✅ REPOSITORY secretlint yes no no 1.8s
✅ REPOSITORY trufflehog yes no no 4.73s
✅ SPELL codespell 170 0 0 0.59s
⚠️ SPELL lychee 170 1 0 23.05s
✅ YAML prettier 6 0 0 0.33s
✅ YAML v8r 6 0 0 7.07s
✅ YAML yamllint 6 0 0 0.56s

Detailed Issues

⚠️ SPELL / lychee - 1 error
📝 Summary
---------------------
🔍 Total..........922
🔗 Unique.........746
✅ Successful.....851
⏳ Timeouts.........9
🔀 Redirected......47
👻 Excluded........61
❓ Unknown..........0
🚫 Errors...........1
⛔ Unsupported......1

Errors in docs/appendix/security/ossa-2026-001.md
[TIMEOUT] https://bugs.launchpad.net/keystonemiddleware/+bug/2129018 (at 124:3) | Request timed out

Errors in docs/appendix/security/ossa-2026-002.md
[TIMEOUT] https://bugs.launchpad.net/nova/+bug/2137507 (at 111:3) | Request timed out

Errors in docs/appendix/security/ossa-2026-005.md
[TIMEOUT] https://bugs.launchpad.net/keystone/+bug/2142138 (at 109:3) | Request timed out

Errors in docs/appendix/security/ossa-2026-015.md
[TIMEOUT] https://bugs.launchpad.net/keystone/+bug/2148398 (at 174:3) | Request timed out
[TIMEOUT] https://bugs.launchpad.net/keystone/+bug/2148477 (at 175:3) | Request timed out
[TIMEOUT] https://bugs.launchpad.net/keystone/+bug/2149789 (at 177:3) | Request timed out
[TIMEOUT] https://bugs.launchpad.net/keystone/+bug/2150089 (at 178:3) | Request timed out

Errors in docs/appendix/security/ossa-2026-022.md
[TIMEOUT] https://bugs.launchpad.net/nova/+bug/2151252 (at 145:3) | Request timed out

Errors in docs/release-notes/index.md
[ERROR] https://release.osism.tech/ (at 11:1) | Connection failed. Check network connectivity and firewall settings

Errors in docs/release-notes/osism-10.md
[TIMEOUT] https://gateway-api.sigs.k8s.io/ (at 603:3) | Request timed out

Hint: Followed 47 redirects. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_SECRETLINT,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,SPELL_CODESPELL,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@jklare jklare requested a review from ideaship June 26, 2026 13:42
@ideaship ideaship merged commit a8949aa into main Jun 26, 2026
3 checks passed
@ideaship ideaship deleted the fix/add-to-project-fork-prs branch June 26, 2026 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants