required status check before merge will never run from forks #230
Description
Pull requests originating from forks will never pass CI due to CI never running on forked code.
This is a Cloudflare limitation, documented here:
https://developers.cloudflare.com/pages/configuration/preview-deployments/#:~:text=Every%20time%20you%20open%20a,originate%20from%20the%20repository%20itself.
Solutions
A couple options we have are simply not requiring deployments for pull requests, however, that's a problematic outcome that causes issues, such as needing two pulls to fix an issue because it wasn't accessible online to fix.
We need some sort of method to build our website, and publish it ourselves.
Thankfully, we're lucky. We can combine GitHub Actions and CloudFlare pages generous free tiers, and publish our website on Cloudflare using a GitHub Action.
As a public open source repository, we have unlimited action minutes on GitHub.
We will also avoid the 500 build limit on Cloudflare pages by building within GitHub Actions, where we have no such limit.
Documentation on how to make a secure workflow: https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
Proposal
- implement a workflow to build the website in GitHub actions
- integrate Cloudflare pages into the action workflow for preview builds of said website
- maybe consider switching to Cloudflare for production as well?
- add comments to pull requests with links to the built site on each pull request.
Implementation
Let me know if this sounds good, as I'm prepared to implement it if you all agree.