Create Pull Request from Forked Repo

[lampajr]

Give the possibility to open the backporting pull request from the forked repository, obviously in this case we assume the provided token has proper permissions on the forked repository.

Steps need:

• Parameterize this new feature, by default create PR from target repo
• If this new feature is enabled:
  • Add new remote
  • Push branch to this remote
  • Create pr setting head has <fork-owner>:<branch-name>

[earl-warren]

This helps reduce the risk to the target repository if the token is leaked: it does not need permission to write.

[lampajr]

This helps reduce the risk to the target repository if the token is leaked: it does not need permission to write.

I definitely agree with you!
Is this something you'd be willing to submit a pull request for? Otherwise I can try to find some time to work on this in the coming week.

[lampajr]

After some further investigation, I think that this feature would make sense only for those users that actually run the tool as CLI, i.e., providing their own GITHUB_TOKEN.

Whereas, in GitHub action context, the action is always run using the repository GITHUB_TOKEN (or any other PAT created in that repo) which does not have any rights to push new branches into the forked repository making this feature quite useless for GitHub action scenarios.

[earl-warren]

Except when a PAT with proper permissions is provided with auth. A Forgejo Action does this to cascade pull requests between repositories:

• The workflow is given the PAT
• Pushes the change to a branch of a forrk
• Opens a pull request in the destination repository

The key here is that the PAT has no write access to the destination repository, only to the repository from which the pull request will be made, which is better from a security perspective.

[lampajr]

That's interesting, thanks for sharing this 🙏