Clarity on "Permissive building of fork pull requests"


We’re trying to set up our CircleCI environment so we can have all our PRs from contributors build, but not expose our environment variables set up through the Circle web UI.

The settings page and docs are out of sync with each other (docs referencing settings that don’t exist), so we’re getting very confused by the behaviour we’re seeing.

My understanding that by setting “Permissive building of fork pull requests” to “Off”, our PRs would still build, but the exporting of the environment variables would not happen. When we set this to Off, our PRs don’t build at all. Setting it to “On” will trigger builds of PRs, and will not export the environment variables, but previously, without any settings changes, it would export the environment variables.

Can someone please provide some clarity on this? I don’t want to allow permissive building and have it expose our environment variables down the line.


1 Like

Hey Daniel-- I don’t have an answer to your question, unfortunately, but here’s a similar one I asked in case it gets a response.

Sorry about the docs being out of date. The settings UI just recently changed, so we have not had a change to update them yet.

To have the prior behavior that the docs say the one setting would be, you want Build Forked PR builds on, and share envs off.

I would like to be able to upload artifacts from a forked PR build to a server. I would like to be able to set an environment variable containing credentials that are used to upload the artifacts to the server in a final deploy step, but are not exposed to the forked build.

Then you want the settings in my post above.

Hi, Joseph. Thanks for your reply. If I set Build Forked PR builds on, and share envs off, how will the fork build have access to the credentials needed to upload build artifacts to our server?

I’m sorry, I misread. You can either share or not share, not share for part. You would need to create a new feature request for something like that.