Hi
I’m trying to build a Forge Jira app based on one of the templates. To iterate faster on that that, I’ve built a couple CI workflows to deploy and lint the app code in GitHub private repo. To run ‘forge lint/‘forge deploy’’, I had to provide FORGE_API_TOKEN environment variable - otherwise all forge commands just fail with error
Now, since API token is obviously sensitive, it is stored in GitHub secrets. However, those secrets are inaccessible when there is a PR from another repo - e.g. most specifically, from Dependabot. As a result, ‘forge lint’ command fails, and PR checks don’t work on Dependabot PRs
It doesn’t quite make sense to me that a pure ‘lint’ tool requires an API token - is there any background as to why it is built in this way? Is it possible to run ‘forge lint’ without credentials?