Drone on pull request fails

GregJan · October 6, 2022, 7:15pm

Hi Drone team. I have been using drone on Gitea to make deployments to k8s. However I have been struggling recently to implement successful drone build when the trigger is a Pull Request. When I trigger the same build with a push no problems… puzzling.
For example this drone config

- name: deploy-staging
    image: sinlead/drone-kubectl
    settings:
      kubernetes_server:
        from_secret: k8s_server_staging
      kubernetes_cert:
        from_secret: k8s_cert_staging
      kubernetes_token:
        from_secret: k8s_token_staging
    commands:
      - kubectl delete deployment cpmgeo-coop-obs-deployment -n cpm-geo
    when:
      event:
      - push
      - pull_request
      branch:
      - staging

would give this error

+ kubectl delete deployment cpmgeo-coop-obs-deployment -n cpm-geo
User "default" set.
WARNING: Using insecure connection to cluster
Cluster "default" set.
Context "default" created.
Switched to context "default".
Error from server (Forbidden): deployments.apps "xxxxxt" is forbidden: User "system:serviceaccount:drone:default" cannot delete resource "deployments" in API group "apps" in the namespace "cpm-geo"

it looks like it is using the wrong service account whereas it works perfeclty when the trigger is comming from a push. (edited)
I am doing it wrong here?

brad · October 10, 2022, 12:20am

when you created your secrets, did you enable them for pull requests?
https://docs.drone.io/secret/repository/#pull-requests

GregJan · November 4, 2022, 11:31am

Yes I -shamefully- realised that shortly after. Thanks for answering anyways Hopefully it helps someone else.