Add permissions to the GitHub Actions token #5106
5e0f2b4 to cc13922
The values for this PR come from a similar one in CAPI
/lgtm
Also - GitHub won't pick up the new values from this PR until it's merged, as a safety measure against attacks (so that random users can't open a PR and export secrets).
* Dependabot needs to be able to update PRs it creates
* The pr-verify job needs to be able to write to the checks API

Signed-off-by: Nolan Brubaker <nolan@nbrubaker.com>
cc13922 to e1e078b
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: AndiDog
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Manually merging at OWNERS request as this is to address the failing GH action
What type of PR is this?
/kind bug
What this PR does / why we need it:
Since moving to the Kubernetes GitHub Enterprise account, our GitHub Actions jobs haven't been able to write their status to the API.
This results in the following error on all jobs that run within GitHub Actions:
Special notes for your reviewer:
This is similar to the permissions carried by upstream CAPI
Release note:
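
The following workflow sketch is an added example, not part of this PR or the project's own files. It illustrates the kind of explicit token permissions the PR title and commit message describe, for the pr-verify case only. The workflow name, trigger, step and the exact scopes are assumptions, since the PR's diff is not shown on this page.

```yaml
# Added example; names and values are assumptions, not taken from this PR's diff.
name: PR Verifier   # hypothetical workflow name

on:
  pull_request:
    types: [opened, edited, synchronize, reopened]

# Weak form: omit `permissions` entirely. GITHUB_TOKEN then gets whatever
# default the enterprise, organization or repository configures, and that
# default can be read-only, so writes to the API fail.

# Explicit form: grant nothing at workflow level, then opt in per job.
# Any scope not listed under a `permissions` key is set to `none`.
permissions: {}

jobs:
  pr-verify:
    runs-on: ubuntu-latest
    permissions:
      checks: write         # job reports its result through the checks API
      pull-requests: read   # assumed: job only needs to read PR metadata
    steps:
      - name: Verify PR     # placeholder step
        run: echo "verification logic goes here"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Scoping the grant to the job rather than the workflow keeps any other job added to the same file at no access until it declares its own needs.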