Allow Build for Pull Requests / Code Sign Artifacts using an option #1524
Comments
djalmaaraujo
changed the title
|
env |
|
Do you want also publish? |
|
Make sure the documentation for this option clearly states the security implications of turning it on (at least when using Travis CI). |
…ecurity implications of turning it on #1524
|
@develar Thanks for that. |
|
@develar - If one also wants publish, is there a way to do that as well? In my org's workflow, we want to have built artifacts against a draft GitHub release based on a pull request made from a branch inside the repository (as opposed to a fork of the repository) for internal code review purposes (the master branch is protected and can't be merged to unless an approved PR is made). Security-wise, I feel fine enabling this since we have building PR's from or exposing protected environment variables to forks turned off in the CI configuration. Is there a way to enable publish from a PR? |
|
@krystophv option will be added in 2 days, thanks for feature request. |
|
@krystophv I end up using a custom script to upload the artifacts generated because the electron-builder uploader is not that flexible. I used this package: https://github.com/remixz/publish-release |
|
PUBLISH_FOR_PULL_REQUEST is added. |
After this issue: #1354 we are not allowing to code sign artifacts during a pull-request build. While I understand the security issue, I still think that would be useful to have an option like
build_for_pull_requests(boolean).In our current workflow, we build/codesign apps to make real tests during the development of big features. We can easily perform QA tests with that option.
Right now, I have a workaround to make this work, but it's hacky:
Setting all these 3 vars
TRAVIS_PULL_REQUESTCI_PULL_REQUESTCI_PULL_REQUESTStofalseon the CI would make the build run for pull requests.The text was updated successfully, but these errors were encountered: