Disable forks/PRs explanation

layr · April 26, 2022, 4:46pm

What are the definitions of ‘Disable forks’ and ‘Disable Pull Requests’ options under drone.domain/user/repo/settings → General → Project Webhooks?

Does the former mean none of the forked projects can trigger jobs & latter is same for pull requests?

If that’s the case, then how come these settings aren’t enabled by default, given they pose a security risk by accessing project or org secrets?

At any rate, it’d be nice if the UI included the definitions next to the options, as is the case for all the remaining boolean toggles below these two.

brad · April 26, 2022, 4:58pm

Does the former mean none of the forked projects can trigger jobs & latter is same for pull requests?

yes

If that’s the case, then how come these settings aren’t enabled by default, given they pose a security risk by accessing project or org secrets?

project and org secrets are disabled for pull requests by default, and should never be enabled for pull requests if the repository is public and accepts pull requests (for security reasons).