Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(ci): Fix potential github action smells #29416

Merged
merged 4 commits into from May 2, 2024
Merged

chore(ci): Fix potential github action smells #29416

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
4f2d47e
chore(ci): fix gha smells
ceddy4395 Apr 23, 2024
1bb14bd
Fix typo in 'if' statement for gha workflow
ceddy4395 Apr 28, 2024
4b77cdb
Merge branch 'develop' into fix-gha-smells
jennifer-shehane Apr 29, 2024
8ec963f
Add contents write permissions to upload_release_asset
ceddy4395 Apr 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/workflows/update-browser-versions.yml
View file
Open in desktop
Expand Up @@ -10,6 +10,8 @@ jobs:
env:
CYPRESS_BOT_APP_ID: ${{ secrets.CYPRESS_BOT_APP_ID }}
BASE_BRANCH: develop
# Prevent from running this workflow on forks
if: github.repository == 'cypres-io/cypress'
ceddy4395 marked this conversation as resolved.
Show resolved Hide resolved
steps:
- name: Checkout
uses: actions/checkout@v4
Expand Down
17 changes: 17 additions & 0 deletions .github/workflows/update_v8_snapshot_cache.yml
View file
Open in desktop
Expand Up @@ -8,6 +8,23 @@ on:
push:
branches:
- 'release/**'
paths-ignore:
- .husky/**
- .vscode/**
- .eslintrc.js
- .gitattributes
- .gitignore
- .percy.yml
- .prettierignore
- .releaserc.js
- .yarnclean
- CHANGELOG.md
- CODE_OF_CONDUCT.md
- CONTRIBUTING.md
- LICENSE
- README.md
- ROADMAP.md
- SECURITY.md
workflow_dispatch:
inputs:
branch:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/upload_release_asset.yml
View file
Open in desktop
Expand Up @@ -13,6 +13,7 @@ jobs:
FOSSA_API_KEY: ${{secrets.FOSSAAPIKEY}}
repo-token: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
permissions: {}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ceddy4395 We need to specify the permissions we want here right? What happens if this object is empty? https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions

Copy link
Contributor Author

@ceddy4395 ceddy4395 Apr 28, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the permissions are empty, the GITHUB_TOKEN and 'external' actions will have no permissions at all.
I assumed this would not be a problem looking at the workflow, however could you confirm what the ${{ github.event.release.upload_url }} usually points to? If this points to github somehow, we might need to add the correct permission for that.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are examples of the urls: e2dcf53#commitcomment-141413214

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yes I see where it gets uploaded, I've added contents: write to the permission which will allow the uploading.

steps:
- name: Check out repository code
uses: actions/checkout@v4
Expand Down