If there are secrets in the now.json file or changes to the now.json file itself, we will not automatically deploy the changes. Instead, we’ll show a message that you, or a member of the team that the GitHub repository is connected to with Now, should authorize the deployment.
The UI of a GitHub PR showing that Now cannot deploy without authorization.
When clicking on Details, you or a member of the Now account or team linked to the GitHub repository will be prompted to authorize the deployment.
The page is shown when prompted to authorize a deployment of a PR from a fork.
Here we show you the keys used in the now.json and show easy access links to related code changes. So, you can decide whether this pull request is harmful or not.
Within this page, we'll list the information for what is to be authorized in order to be deployed. This includes which secrets will be used in the deployment, which commit is being deployed, and which pull request it comes from. From this information and the information from the pull request itself, reviewers can decide whether the code is safe to deploy or not. Each further commit will follow the same process so that there is no harm to your code in any circumstance.
If the code is safe to deploy, all it takes is a click on the AUTHORIZE button on that page and Now will deploy that pull request immediately.
A pull request made from a fork that was deployed and merged. This is from our own documentation repository which is open source!