Currently, ansible-lint in the CI workflow requires secrets from the main repository to run properly. These secrets are not available when the workflow runs on a PR from a fork to prevent exfiltration. If we want to support PRs from forks, we need to provide dummy defaults to the vault variables to avoid errors (see ansible/ansible-lint#3313). I'm a bit uncomfortable with this, because we don't want to accidentally use the dummy values.
Alternatively, we can just require that PR branches be pushed to the main repository instead of a fork. We are unlikely to be receiving external contributions anyway.
Currently, ansible-lint in the CI workflow requires secrets from the main repository to run properly. These secrets are not available when the workflow runs on a PR from a fork to prevent exfiltration. If we want to support PRs from forks, we need to provide dummy defaults to the vault variables to avoid errors (see ansible/ansible-lint#3313). I'm a bit uncomfortable with this, because we don't want to accidentally use the dummy values.
Alternatively, we can just require that PR branches be pushed to the main repository instead of a fork. We are unlikely to be receiving external contributions anyway.