What Is a Fork?
A fork is your own server-side copy of someone else's repository, where you can make changes freely and propose them back via a pull request.
A fork is how you contribute to a project you do not have write access to. Instead of branching inside the original repository, you copy the whole thing into your own account, work there, and open a pull request back to the original. It is the backbone of open-source collaboration.
Fork versus clone
A clone copies a repository to your local machine. A fork copies it on the hosting platform into your own namespace. You typically fork on the server, then clone your fork locally. The fork gives you a place to push to even when you cannot push to the original.
The fork-and-pull workflow
You fork the upstream project, clone your fork, add the original as a remote called upstream, and keep your fork in sync.
gh repo fork owner/project --clone
git remote add upstream https://github.com/owner/project.git
git fetch upstreamProposing changes back
You push a branch to your fork and open a pull request targeting the original repository. Maintainers review it there. Because you own the fork, you can iterate freely without needing any permissions on the upstream project.
Forks and CI/CD
Pull requests from forks raise a security question: the fork author should not automatically gain access to the upstream project's secrets. CI platforms run fork PRs with restricted permissions and require maintainer approval before workflows that need secrets will run, protecting deploy keys and tokens from untrusted code.
Keeping a fork current
- Add the original repository as an upstream remote.
- Fetch and merge upstream changes regularly to avoid drift.
- Open pull requests from a feature branch, not your default branch.
- Expect restricted CI permissions on pull requests from forks.
Key takeaways
- A fork is a server-side copy of a repository in your own namespace.
- It powers open-source contribution through the fork-and-pull workflow.
- CI restricts secrets on fork pull requests to protect untrusted code.