Integration tests always fail for pull requests from a fork

[zimeg]

Description

For PRs sent from a fork, the integration tests always fail since secrets for the action are not being shared. Example in #250.

From the "Actions" tab in settings:

Anyone with collaborator access to this repository can use these secrets and variables for actions. They are not passed to workflows that are triggered by a pull request from a fork.

It looks like there's a workaround that requires some additions to the workflow file to use secrets on a re-run. I'm unsure of other solutions, but I think this approach seems alright!

What type of issue is this?

• bug
• enhancement (feature request)
• question
• documentation related
• example code related
• testing related
• discussion

Requirements

• I've read and understood the Contributing guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.
• I've searched for any related issues and avoided creating a duplicate issue.

[WilliamBergamin]

@zimeg Will this approach ensure that a bad actor isn't able to print or scrape/send our secrets by opening a PR from a fork?

These secrets are restricted in the isolated test Team but I don't think anyone wants to update them for no reason 😟

[WilliamBergamin]

It may also be possible to implement something similar through the configuration of the workflow approval requirements of this repository in order to require approval of the changes before executing the GitHub actions 💡

[zimeg]

@WilliamBergamin these might compliment each other well! I think even with approvals, "workflows from forks do not have access to sensitive data such as secrets" so we may want to use the workflow approval requirement to require an approval, then use this approach to share secrets (if all of the changes seem safe).