(I’ve merged this FR with a duplicate one with a better title)
As per above, IMO the fork author does trust the upstream code with their credentials – since they are the last person making changes to the codebase.
- The sharing can also be made explicit so that the PR author knows of this fact
- This also raises the question of what to do if someone else makes a contribution to the PR branch.
- I’d say the secrets should only be shared if the last commit is by the PR’s author (if author and commiter are different, committer name should take precedence)
- So if someone else wishes to add changes, they need to make a PR to their PR (this is possible by specifying the PR branch as the base branch when creating the nested PR) – which will only get to the original PR after the original author merges them, with their merge commit being the last one.
- The secrets can also be provided – but from the upstream repo – if the additional commit is by an upstream developer – since this effectively makes the PR at this specific commit an internal one.
- I’d say the secrets should only be shared if the last commit is by the PR’s author (if author and commiter are different, committer name should take precedence)