I completely understand why passing secrets to all forked PRs is unwise (an attacker could rewrite your .circleci/config.yml or any of a myriad of other files and print them). However, this also means our system tests cannot effectively run pre-merge, which is also problematic.
Feature request: Make it such that (if we so configure it) secrets can be passed to fork PRs, but only after a GitHub collaborator has approved the PR using the GitHub review system. Thus, anyone using this tooling can have a workflow along the lines of:
- PR is submitted by an external contributor.
- Unit tests run and pass on CircleCI.
- Someone with the commit bit reviews the PR and approves it in GitHub.
- Unit and system tests run and pass on CircleCI.
- Branch is able to be merged.
Thank you for your consideration.
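As an added illustration (not code from CircleCI, GitHub, or the request above), here is what the gate in the proposed workflow would have to decide before releasing secrets to a fork PR's system-test job; it assumes review objects shaped like GitHub's pull-request reviews API (`state`, `commit_id`, `user.login`) and binds the approval to the commit currently at the PR head, so a push made after the review does not inherit the earlier approval.

```python
"""Gate for the 'secrets only after collaborator approval' workflow.

Added illustration (not CircleCI's or GitHub's code). It models the decision
a CI system would make before exposing secrets to a fork PR's system-test job:
release secrets only if a repository collaborator has APPROVED the PR and that
approval was given on the commit currently at the PR head, so a push after the
review cannot ride on the earlier approval. Review objects follow the field
names of GitHub's pull-request reviews API (state, commit_id, user.login).
"""

APPROVED = "APPROVED"
CHANGES_REQUESTED = "CHANGES_REQUESTED"


def may_release_secrets(head_sha, reviews, collaborators):
    """Return True only if secrets may be passed to the fork PR's job.

    head_sha:      SHA currently at the PR head (what the job would build)
    reviews:       review objects in submission order
    collaborators: logins allowed to unlock secrets (users with the commit bit)
    """
    # Keep only the latest review from each collaborator; reviews from
    # non-collaborators (including the contributor's own) carry no weight.
    latest = {}
    for review in reviews:
        login = review["user"]["login"]
        if login in collaborators:
            latest[login] = review
    # A collaborator's outstanding CHANGES_REQUESTED blocks release.
    if any(r["state"] == CHANGES_REQUESTED for r in latest.values()):
        return False
    # Approval counts only if it was given on the exact head being built.
    return any(
        r["state"] == APPROVED and r["commit_id"] == head_sha
        for r in latest.values()
    )


# Constructed sample data (not real logins or SHAs).
COLLABORATORS = {"maintainer"}
REVIEWS = [
    {"user": {"login": "contributor"}, "state": "APPROVED", "commit_id": "aaa111"},
    {"user": {"login": "maintainer"}, "state": "APPROVED", "commit_id": "aaa111"},
]

if __name__ == "__main__":
    print(may_release_secrets("aaa111", REVIEWS, COLLABORATORS))  # True
    print(may_release_secrets("bbb222", REVIEWS, COLLABORATORS))  # False: head moved
```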