-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix ci-release.yml perms #4097
Fix ci-release.yml perms #4097
Conversation
Signed-off-by: Joe Elliott <number101010@gmail.com>
Codecov ReportBase: 97.15% // Head: 97.16% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## main #4097 +/- ##
==========================================
+ Coverage 97.15% 97.16% +0.01%
==========================================
Files 295 295
Lines 17413 17413
==========================================
+ Hits 16918 16920 +2
+ Misses 399 397 -2
Partials 96 96
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
@@ -9,7 +9,7 @@ on: | |||
# and https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions | |||
permissions: | |||
deployments: write | |||
contents: read | |||
contents: read,write |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh-oh
The workflow is not valid. .github/workflows/ci-release.yml (Line: 12, Col: 13): Unexpected value 'read,write'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe this needs an array syntax ["read","write"]
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe just write
running a test now in my fork to see:
https://github.com/joe-elliott/jaeger/actions/runs/3652192298/jobs/6170292688
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, would expect write to include read
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but also curious what "content" this is writing, because content seems to refer to the source code itself - https://docs.github.com/en/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#contents
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably this: PATCH /repos/{owner}/{repo}/releases/assets/{asset_id} (write)
This correctly sets the `contents` permission to `write`. This allowed CI on my fork to move past the "Upload Binaries" step. This fixes the change here: #4097 Signed-off-by: Joe Elliott <number101010@gmail.com>
Release CI is currently failing with: ![image](https://user-images.githubusercontent.com/2272392/206558115-b7b9f51d-66b8-482b-b66b-9decd5c231ee.png) Currently testing this change in my fork Signed-off-by: Joe Elliott <number101010@gmail.com>
This correctly sets the `contents` permission to `write`. This allowed CI on my fork to move past the "Upload Binaries" step. This fixes the change here: jaegertracing#4097 Signed-off-by: Joe Elliott <number101010@gmail.com>
Release CI is currently failing with: ![image](https://user-images.githubusercontent.com/2272392/206558115-b7b9f51d-66b8-482b-b66b-9decd5c231ee.png) Currently testing this change in my fork Signed-off-by: Joe Elliott <number101010@gmail.com> Signed-off-by: shubbham1215 <sawaikershubham@gmail.com>
This correctly sets the `contents` permission to `write`. This allowed CI on my fork to move past the "Upload Binaries" step. This fixes the change here: jaegertracing#4097 Signed-off-by: Joe Elliott <number101010@gmail.com> Signed-off-by: shubbham1215 <sawaikershubham@gmail.com>
Release CI is currently failing with:
Currently testing this change in my fork