Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grant packages write permissions to k8s-content workflow #11021

Merged
merged 1 commit into from
Aug 24, 2023
Merged

Grant packages write permissions to k8s-content workflow #11021

merged 1 commit into from
Aug 24, 2023

Conversation

yuumasato
Copy link
Member

@yuumasato yuumasato commented Aug 23, 2023
edited
Loading

Description:

  • Grant contents: read permission to k8s-content action
  • Grant packages: write permission to k8s-content action

Rationale:

Review Hints:

@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@yuumasato yuumasato force-pushed the write_package-k8s-contents branch 2 times, most recently from 9fa4845 to a47b02f Compare August 23, 2023 15:21
@yuumasato
Copy link
Member Author

I had to grant even contents: read, 🤔

It seems that the repo is creating GITHUB_TOKENs with permissions stricter than the default restricted.
https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

@yuumasato yuumasato mentioned this pull request Aug 23, 2023
Merged
@yuumasato
Grant packages permissions to k8s-content workflow
89ddeda 
The workflow needs to publish packages.
@yuumasato
Copy link
Member Author

@ggbecker The job ran, but it failed on push to repo. Very likely because it ran on "pull request" from my fork.
https://github.com/ComplianceAsCode/content/actions/runs/5953290199

I have updated the PR.

@ggbecker
Copy link
Member

@ggbecker The job ran, but it failed on push to repo. Very likely because it ran on "pull request" from my fork. https://github.com/ComplianceAsCode/content/actions/runs/5953290199

I have updated the PR.

Okay, let's merge whenever the CI finishes.

@ggbecker ggbecker self-assigned this Aug 23, 2023
@ggbecker ggbecker added the OpenShift OpenShift product related. label Aug 23, 2023
@codeclimate
Copy link

codeclimate bot commented Aug 23, 2023

Code Climate has analyzed commit 89ddeda and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.3% (0.0% change).

View more on Code Climate.

@ggbecker ggbecker merged commit ce17b4c into ComplianceAsCode:master Aug 24, 2023
37 of 38 checks passed
@yuumasato yuumasato deleted the write_package-k8s-contents branch August 24, 2023 07:56
@yuumasato yuumasato added this to the 0.1.70 milestone Aug 28, 2023
@Mab879 Mab879 added the Infrastructure Our content build system label Oct 12, 2023
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ggbecker ggbecker ggbecker approved these changes

Assignees

@ggbecker ggbecker

Labels
Infrastructure Our content build system OpenShift OpenShift product related.
Projects
None yet
Milestone
0.1.70
Development

Successfully merging this pull request may close these issues.

Kubernetes content workflow is failing to run due to invalid workflow
3 participants
@yuumasato @ggbecker @Mab879