From c5e601d726b6a7da6cf957d27c5672e5201aafad Mon Sep 17 00:00:00 2001
From: Benoit Marty <benoitm@matrix.org>
Date: Wed, 17 Aug 2022 13:08:26 +0200
Subject: [PATCH] Set GITHUB_TOKEN to let Danger be able to work on PR from
 forks.

---
 .github/workflows/danger.yml  | 2 ++
 .github/workflows/quality.yml | 2 ++
 docs/danger.md                | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml
index a1d754b4de..d36f2d0765 100644
--- a/.github/workflows/danger.yml
+++ b/.github/workflows/danger.yml
@@ -16,3 +16,5 @@ jobs:
           args: "--dangerfile tools/danger/dangerfile.js"
         env:
           DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
+          # Fallback for forks
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index 6e5e2e4d67..544d9081f8 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -71,6 +71,8 @@ jobs:
           args: "--dangerfile tools/danger/dangerfile-lint.js"
         env:
           DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
+          # Fallback for forks
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   # Gradle dependency analysis using https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin
   dependency-analysis:
diff --git a/docs/danger.md b/docs/danger.md
index acf14018e6..afa3555469 100644
--- a/docs/danger.md
+++ b/docs/danger.md
@@ -85,6 +85,8 @@ To let Danger check all the PRs, including PRs form forks, a GitHub account have
 - password: Stored on Passbolt
 - GitHub token: A token with limited access has been created and added to the repository https://github.com/vector-im/element-android as secret DANGER_GITHUB_API_TOKEN. This token is not saved anywhere else. In case of problem, just delete it and create a new one, then update the secret.
 
+PRs from forks do not always have access to the secret `secrets.DANGER_GITHUB_API_TOKEN`, so `secrets.GITHUB_TOKEN` is also provided to the job environment. If `secrets.DANGER_GITHUB_API_TOKEN` is available, it will be used, so user `ElementBot` will comment the PR. Else `secrets.GITHUB_TOKEN` will be used, and bot `github-actions` will comment the PR.
+
 ## Useful links
 
 - https://danger.systems/