Skip to content

TASK: Harden new gh e2e tests, use pull_request.#4091

Open
mhsdesign wants to merge 1 commit intoneos:9.0from
mhsdesign:task/harden-new-gh-e2e-tests
Open

TASK: Harden new gh e2e tests, use pull_request.#4091
mhsdesign wants to merge 1 commit intoneos:9.0from
mhsdesign:task/harden-new-gh-e2e-tests

Conversation

@mhsdesign
Copy link
Member

@mhsdesign mhsdesign commented Mar 5, 2026

What I did

How I did it

How to verify it

@mhsdesign
TASK: Harden new gh e2e tests, use pull_request again without `secr…
1a26b30 
…ets`

Currently we use the workaround via `pull_request_target` to provide access to our secret in forks. This is more dangerous than exposing the one api key as variable. For example in case a new gh-secret is added which should really be kept secret.

Before storing the variable really really plain we obfuscate it a little though the encryption password is in the source code, so anyone can retrieve it. But the bes they can do is run e2e tests on saucelabs - so happy testing?:D

```
echo "the-key" | openssl enc -e -des3 -base64 -pass pass:neos -pbkdf2
```

Also `pull_request_target` does not work properly as tests are always run with neos-version: '9.1' - the highest - instead of the appropriate version by branch.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

9.0 Task

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mhsdesign