From 48cb0b70139de20906293ced4c51f561a62dbcde Mon Sep 17 00:00:00 2001 From: Uruk Date: Tue, 30 Sep 2025 12:17:38 +0200 Subject: [PATCH 1/3] fix: prevent permission errors when workflow runs from forks Adds fork detection to skip comment operations when running from external repositories, preventing 403 permission errors. Implements early exit when pull request or workflow run originates from a fork, and wraps comment operations in try-catch to handle remaining permission issues gracefully by logging build status instead. --- .github/workflows/artifact-comment.yml | 84 +++++++++++++++++--------- 1 file changed, 57 insertions(+), 27 deletions(-) diff --git a/.github/workflows/artifact-comment.yml b/.github/workflows/artifact-comment.yml index d032dd67..e6d902b1 100644 --- a/.github/workflows/artifact-comment.yml +++ b/.github/workflows/artifact-comment.yml @@ -29,6 +29,17 @@ jobs: uses: actions/github-script@v8 with: script: | + // Check if we're running from a fork + const isFromFork = context.payload.pull_request?.head?.repo?.full_name !== context.repo.owner + '/' + context.repo.repo; + const workflowFromFork = context.payload.workflow_run?.head_repository?.full_name !== context.repo.owner + '/' + context.repo.repo; + + if (isFromFork || workflowFromFork) { + console.log('🚫 Workflow running from fork - skipping comment creation to avoid permission errors'); + console.log('Fork repository:', context.payload.pull_request?.head?.repo?.full_name || context.payload.workflow_run?.head_repository?.full_name); + console.log('Target repository:', context.repo.owner + '/' + context.repo.repo); + return; + } + // Handle repository_dispatch, pull_request, and manual dispatch events let pr; let targetCommitSha; @@ -403,34 +414,53 @@ jobs: commentBody += `*Auto-generated by [GitHub Actions](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})*`; commentBody += `\n`; - // Find existing bot comment to update - const { data: comments } = await github.rest.issues.listComments({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: pr.number - }); - - const botComment = comments.find(comment => - comment.user.type === 'Bot' && - comment.body.includes('') - ); - - if (botComment) { - // Update existing comment - await github.rest.issues.updateComment({ + // Try to find existing bot comment to update (with permission check) + try { + const { data: comments } = await github.rest.issues.listComments({ owner: context.repo.owner, repo: context.repo.repo, - comment_id: botComment.id, - body: commentBody + issue_number: pr.number }); - console.log(`✅ Updated comment ${botComment.id} on PR #${pr.number}`); - } else { - // Create new comment - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: pr.number, - body: commentBody - }); - console.log(`✅ Created new comment on PR #${pr.number}`); + + const botComment = comments.find(comment => + comment.user.type === 'Bot' && + comment.body.includes('') + ); + + if (botComment) { + // Update existing comment + await github.rest.issues.updateComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: botComment.id, + body: commentBody + }); + console.log(`✅ Updated comment ${botComment.id} on PR #${pr.number}`); + } else { + // Create new comment + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: pr.number, + body: commentBody + }); + console.log(`✅ Created new comment on PR #${pr.number}`); + } + } catch (error) { + if (error.status === 403) { + console.log('🚫 Permission denied - likely running from a fork. Skipping comment creation.'); + console.log('Error details:', error.message); + + // Log the build status instead of commenting + console.log('📊 Build Status Summary:'); + for (const target of buildTargets) { + const matchingStatus = buildStatuses[target.statusKey]; + if (matchingStatus) { + console.log(`- ${target.name}: ${matchingStatus.status}/${matchingStatus.conclusion || 'none'}`); + } + } + } else { + // Re-throw other errors + throw error; + } } From b372c353c0c97af81b2f1f523c0f7c338a5ae5ab Mon Sep 17 00:00:00 2001 From: Uruk Date: Tue, 30 Sep 2025 12:44:13 +0200 Subject: [PATCH 2/3] fix: improve fork detection logic in artifact comment workflow Enhances fork detection by implementing more precise repository comparison logic and adds comprehensive debugging output to troubleshoot permission issues. Changes null-safe comparisons to prevent false positives when repository information is undefined, ensuring the workflow only skips comment creation for actual cross-repository forks rather than same-repository scenarios. --- .github/workflows/artifact-comment.yml | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/artifact-comment.yml b/.github/workflows/artifact-comment.yml index e6d902b1..949cb8a9 100644 --- a/.github/workflows/artifact-comment.yml +++ b/.github/workflows/artifact-comment.yml @@ -29,18 +29,30 @@ jobs: uses: actions/github-script@v8 with: script: | - // Check if we're running from a fork - const isFromFork = context.payload.pull_request?.head?.repo?.full_name !== context.repo.owner + '/' + context.repo.repo; - const workflowFromFork = context.payload.workflow_run?.head_repository?.full_name !== context.repo.owner + '/' + context.repo.repo; + // Check if we're running from a fork (more precise detection) + const targetRepo = context.repo.owner + '/' + context.repo.repo; + const prHeadRepo = context.payload.pull_request?.head?.repo?.full_name; + const workflowHeadRepo = context.payload.workflow_run?.head_repository?.full_name; + + // For debugging + console.log('🔍 Repository detection:'); + console.log('- Target repository:', targetRepo); + console.log('- PR head repository:', prHeadRepo || 'N/A'); + console.log('- Workflow head repository:', workflowHeadRepo || 'N/A'); + console.log('- Event name:', context.eventName); + + // Only skip if it's actually a different repository (fork) + const isFromFork = prHeadRepo && prHeadRepo !== targetRepo; + const workflowFromFork = workflowHeadRepo && workflowHeadRepo !== targetRepo; if (isFromFork || workflowFromFork) { console.log('🚫 Workflow running from fork - skipping comment creation to avoid permission errors'); - console.log('Fork repository:', context.payload.pull_request?.head?.repo?.full_name || context.payload.workflow_run?.head_repository?.full_name); - console.log('Target repository:', context.repo.owner + '/' + context.repo.repo); + console.log('Fork repository:', prHeadRepo || workflowHeadRepo); + console.log('Target repository:', targetRepo); return; } - // Handle repository_dispatch, pull_request, and manual dispatch events + console.log('✅ Same repository - proceeding with comment creation'); // Handle repository_dispatch, pull_request, and manual dispatch events let pr; let targetCommitSha; From 4a28352b53e4f3e1764542ff37d709ef56e6ad06 Mon Sep 17 00:00:00 2001 From: Fredrik Burmester Date: Wed, 1 Oct 2025 08:32:34 +0200 Subject: [PATCH 3/3] chore: remove log --- components/settings/HomeIndex.tsx | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/components/settings/HomeIndex.tsx b/components/settings/HomeIndex.tsx index e1e08d09..a212f0a8 100644 --- a/components/settings/HomeIndex.tsx +++ b/components/settings/HomeIndex.tsx @@ -460,12 +460,7 @@ export const HomeIndex = () => { style={{ marginTop: Platform.isTV ? 0 : -100 }} contentContainerStyle={{ paddingTop: Platform.isTV ? 0 : 100 }} > - { - console.log(`Now viewing carousel item ${index}`); - }} - /> +