Combining trigger pull_request and workflow_run


Hi, as per GitHub recommendations, it’s dangerous to use pull_request_target; they recommend using pull_request with workflow_run.

I have tried to do this with this GitHub Action here and here are the logs:

/usr/bin/docker run --name e400d0fdeb040d443bb87865509f8e811d_620554 --label 5588e4 --workdir /github/workspace --rm -e INPUT_CHECK_NAME -e INPUT_GITHUB_TOKEN -e INPUT_FILES -e INPUT_REPORT_INDIVIDUAL_RUNS -e INPUT_CHECK_RUN_ANNOTATIONS -e INPUT_COMMIT -e INPUT_COMMENT_TITLE -e INPUT_DEDUPLICATE_CLASSES_BY_FILE_NAME -e INPUT_HIDE_COMMENTS -e INPUT_COMMENT_ON_PR -e INPUT_TEST_CHANGES_LIMIT -e INPUT_CHECK_RUN_ANNOTATIONS_BRANCH -e INPUT_LOG_LEVEL -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/nHapi/nHapi":"/github/workspace" 5588e4:00d0fdeb040d443bb87865509f8e811d
2021-02-10 20:52:10 +0000 - publish-unit-test-results -  INFO - reading **/*.xml
2021-02-10 20:52:10 +0000 - publish.publisher -  INFO - publishing success results for commit b1e94751b354cc4fbd75e4bb282eca419f6555d4
2021-02-10 20:52:10 +0000 - publish.publisher -  INFO - creating check
2021-02-10 20:52:11 +0000 - publish.publisher -  INFO - there is no pull request for commit b1e94751b354cc4fbd75e4bb282eca419f6555d4

What am I missing to ensure it will comment on the forked PR?

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 10 (5 by maintainers)

Top GitHub Comments

EnricoMi commented, Feb 11, 2021

You need to somehow get the action to know the commit sha, maybe like this:

  commit: ${{ github.event.workflow_run.head_sha }}

EnricoMi commented, May 25, 2021

The code that downloads artifacts from the triggering workflow can be simplified from:

- name: Download Artifacts
  uses: actions/github-script@v3
  with:
    script: |
      // Save every artifact of the triggering workflow run as a zip file
      var fs = require('fs');
      var path = require('path');
      var artifacts_path = path.join('${{github.workspace}}', 'artifacts')
      fs.mkdirSync(artifacts_path, { recursive: true })

      var artifacts = await github.actions.listWorkflowRunArtifacts({
         owner: context.repo.owner,
         repo: context.repo.repo,
         run_id: ${{ github.event.workflow_run.id }},
      });

      for (const artifact of artifacts.data.artifacts) {
         var download = await github.actions.downloadArtifact({
            owner: context.repo.owner,
            repo: context.repo.repo,
            artifact_id: artifact.id,
            archive_format: 'zip',
         });
         var artifact_path = path.join(artifacts_path, `${artifact.name}.zip`)
         fs.writeFileSync(artifact_path, Buffer.from(download.data));
         console.log(`Downloaded ${artifact_path}`);
      }
- name: Extract Artifacts
  run: |
    # Unpack each zip into a directory named after the artifact
    for file in artifacts/*.zip
    do
      if [ -f "$file" ]
      then
        dir="${file%.zip}"
        mkdir -p "$dir"
        unzip -d "$dir" "$file"
      fi
    done


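to:

- name: Download and Extract Artifacts
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # gh needs a token to call the API
  run: |
    mkdir artifacts && cd artifacts

    artifacts_url=${{ github.event.workflow_run.artifacts_url }}
    # -q prints one JSON object per artifact
    artifacts=$(gh api $artifacts_url -q '.artifacts[] | {name: .name, url: .archive_download_url}')

    # Split the list on newlines only, one JSON object per iteration
    IFS=$'\n'
    for artifact in $artifacts
    do
      name=$(jq -r .name <<<$artifact)
      url=$(jq -r .url <<<$artifact)
      gh api $url > "$name.zip"
      unzip -d "$name" "$name.zip"
    done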

I think you use the first version. Whereas I now move to the below simplified version. Just in case you are interested. Both versions work equally well.
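
Both versions above unpack archives produced by the pull_request run, which for a forked PR is the output of untrusted code, inside the workflow_run job that holds the repository token. The following is an added example, not code from the thread or from the action, of vetting each archive before unpacking; the function names, the size cap and the XML-only rule (taken from the `**/*.xml` pattern in the log) are assumptions of this sketch.

```python
import io
import stat
import zipfile
from pathlib import Path, PurePosixPath

MAX_TOTAL_BYTES = 50 * 1024 * 1024  # assumed cap on declared uncompressed size

def unsafe_reason(info: zipfile.ZipInfo):
    """Return why a zip entry must not be extracted, or None if acceptable."""
    name = info.filename
    path = PurePosixPath(name)
    if path.is_absolute() or ".." in path.parts or "\\" in name or ":" in name:
        return "path could escape the target directory"
    if stat.S_ISLNK(info.external_attr >> 16):
        return "symbolic link"  # plain `unzip` would restore it as a link
    if not info.is_dir() and path.suffix.lower() != ".xml":
        return "not an XML report"
    return None

def extract_reports(zip_bytes: bytes, dest: Path) -> list:
    """Vet every entry first, then write only the *.xml files under dest."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = zf.infolist()
        for info in entries:
            reason = unsafe_reason(info)
            if reason:
                raise ValueError(f"{info.filename!r} rejected: {reason}")
        if sum(info.file_size for info in entries) > MAX_TOTAL_BYTES:
            raise ValueError("artifact exceeds the size cap")
        written = []
        for info in entries:
            if info.is_dir():
                continue
            rel = PurePosixPath(info.filename)
            target = dest.joinpath(*rel.parts)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(rel.as_posix())
        return written

if __name__ == "__main__":
    import tempfile
    buf = io.BytesIO()  # constructed sample artifact
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("results/junit.xml", "<testsuite/>")
    with tempfile.TemporaryDirectory() as tmp:
        print(extract_reports(buf.getvalue(), Path(tmp)))
```

Because all entries are checked before anything is written, a single bad entry leaves the destination directory empty.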
