Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow k8s-content workflow to write #11020

Merged
merged 1 commit into from
Aug 23, 2023
Merged

Allow k8s-content workflow to write #11020

merged 1 commit into from
Aug 23, 2023

Conversation

yuumasato
Copy link
Member

Description:

  • Grant write permission to the k8s-content workflow

Rationale:

  • It seems that the permission is required to allow the workflow to sign the image.
  • The upstream k8s content image has not been updated for a while.

Review Hints:

@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@yuumasato
Allow the workflow to write
fc7440f 
Required to allow the workflow to sign the image
@codeclimate
Copy link

codeclimate bot commented Aug 23, 2023

Code Climate has analyzed commit fc7440f and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.3% (0.0% change).

View more on Code Climate.

@yuumasato
Copy link
Member Author

yuumasato commented Aug 23, 2023
edited
Loading

I'm not sure if this fixes the issue.
I had made the action to run on pull requests, but it didn't work:
https://github.com/ComplianceAsCode/content/actions/runs/5952262332

It could also be that this PR needs to be merged for the permissions to work properly.

@ggbecker
Copy link
Member

I'm not sure if this fixes the issue. I had made the action to run on pull requests, but it didn't work: https://github.com/ComplianceAsCode/content/actions/runs/5952262332

It could also be that this PR needs to be merged for the permissions to work properly.

Let's merge and see how it behaves, if it doesn't help we can revert it.

@ggbecker ggbecker merged commit 7b70e71 into ComplianceAsCode:master Aug 23, 2023
37 of 38 checks passed
@ggbecker ggbecker added the OpenShift OpenShift product related. label Aug 23, 2023
@yuumasato yuumasato deleted the fix_build_of_k8s_container branch August 23, 2023 15:08
@yuumasato
Copy link
Member Author

@ggbecker It worked, we got a different error, 😂

The workflow is not valid. .github/workflows/k8s-content.yaml (Line: 9, Col: 3): Error calling workflow 'metal-toolbox/container-push/.github/workflows/container-push.yml@main'. The nested job 'container' is requesting 'contents: read, packages: write', but is only allowed 'contents: none, packages: none'. .github/workflows/k8s-content.yaml (Line: 9, Col: 3): Error calling workflow 'metal-toolbox/container-push/.github/workflows/container-push.yml@main'. The nested job 'sign' is requesting 'packages: write', but is only allowed 'packages: none'.

@yuumasato
Copy link
Member Author

Actually, I see now the the error is the same as in my PR, 🤦

@yuumasato
Copy link
Member Author

Following up on #11021

@Mab879 Mab879 added this to the 0.1.70 milestone Sep 14, 2023
@Mab879 Mab879 added the Infrastructure Our content build system label Oct 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ggbecker ggbecker ggbecker approved these changes

@JAORMX JAORMX Awaiting requested review from JAORMX

@Vincent056 Vincent056 Awaiting requested review from Vincent056

Assignees

@ggbecker ggbecker

Labels
Infrastructure Our content build system OpenShift OpenShift product related.
Projects
None yet
Milestone
0.1.70
Development

Successfully merging this pull request may close these issues.
3 participants
@yuumasato @ggbecker @Mab879