Skip to content

Fix PR build workflow failing for fork contributors#723

Merged
pkevan merged 3 commits intotrunkfrom
pkevan/fix-pr-workflow-perms
Mar 10, 2026
Merged

Fix PR build workflow failing for fork contributors#723
pkevan merged 3 commits intotrunkfrom
pkevan/fix-pr-workflow-perms

Conversation

@pkevan
Copy link
Contributor

@pkevan pkevan commented Mar 10, 2026

Summary

  • Split pr-build-live-branch.yml into two workflows to fix the Resource not accessible by integration error that occurs when external contributors open PRs from forks
  • The build workflow (pull_request trigger) keeps read-only permissions — safe for untrusted fork code
  • A new comment workflow (workflow_run trigger) runs after the build completes with write permissions to post the WordPress Playground link, running in the base repo context so it always has the necessary permissions
  • Updated generate-playground-blueprint.js to accept a prNumber parameter since context.issue.number is not available in workflow_run context

Context

Fork PRs (e.g. #720) fail because the GITHUB_TOKEN for pull_request-triggered workflows from forks is restricted to read-only, regardless of declared permissions. The two-workflow split is the GitHub-recommended pattern for this scenario.

Test plan

  • Verify the build workflow succeeds for both fork and non-fork PRs
  • Verify the comment workflow triggers after build completion and posts the Playground link
  • Verify draft PRs and bot PRs are still skipped

pkevan added 3 commits March 10, 2026 10:07
@pkevan
Fix PR build workflow failing for fork contributors
0c6d6b6 
Split the build workflow into two: the build step (pull_request trigger,
read-only permissions) and a separate comment workflow (workflow_run
trigger, write permissions). This fixes the "Resource not accessible by
integration" error for fork PRs where the GITHUB_TOKEN is read-only.
@pkevan
Fix prettier formatting in pr-comment-playground.yml
240343c
@pkevan
Add tests for generate-playground-blueprint script
522c8c3
@pkevan pkevan merged commit ad4147f into trunk Mar 10, 2026
13 checks passed
@pkevan pkevan deleted the pkevan/fix-pr-workflow-perms branch March 10, 2026 10:32
@pkevan pkevan mentioned this pull request Mar 11, 2026
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pkevan