Propogation of Secret to Forks

[Kannav02]

The CI pipeline prevents any PRs coming from a fork to pass through because the secrets are not being propagated to the forks

an example of the affected lines can be seen here

Expected/Original Behaviour

Unexpected / Forked Repo Behaviour

I know what line is causing this issue and would like to propose a fix for the same

• The events will now get triggered by the pull_request_target event, which will allow the CI pipeline to run in the context of the upstream repo which in our case is the original repo with the secrets
• now since this might also lead to the secrets being misused by unknown contributors, what we could do is also add the "Approval to run the CI by maintainers for the first-time contributors"

[Kannav02]

I believe i can even incorporate further details about how a user can setup the ENV variables like the google_service_key in this issue ,as the documentation right now is unclear, even i had issues when i first tried to setup my variables, would you want me to also work on that @luarss ?

[Kannav02]

any updates on this @luarss ?

[luarss]

I believe i can even incorporate further details about how a user can setup the ENV variables like the google_service_key in this issue ,as the documentation right now is unclear, even i had issues when i first tried to setup my variables, would you want me to also work on that @luarss ?

Yes, documentation is welcome!

For now, I think I will revise the secrets-based workflow to be only run on main branch, so that PRs can still run as normal