Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

modified: .github/workflows/master-pr.yml #4694

Closed
wants to merge 9 commits into from
Closed

modified: .github/workflows/master-pr.yml #4694

wants to merge 9 commits into from

Conversation

F-WRunTime
Copy link
Member

@F-WRunTime F-WRunTime commented Nov 25, 2024
edited
Loading

Problem: Prs opened by forks do not have access to secrets. The WF to change from default banch > develop uses a secret inaccessible by forks.

  • Modifying the workflow permissions to enable explicit write allowance to the API endpoint used for modifying the pull request base branch.
  • Removed references to internal secrets.

Reference Material:
Overview of modifying permissions

Permission breakdown of what allows what when modifying job permissions (solution used)

Checking the API endpoints affected by setting 'pull-requests' > 'write' lists the api endpoint we are using in the WF to change the base branch

@F-WRunTime
modified: .github/workflows/master-pr.yml
ea5c125 
Problem: Prs opened by forks do not have access to secrets. The WF to change from default banch > develop uses a secret inaccessible by forks.
- Modifying the workflow permissions to enable explicit write allowance to the API endpoint used for modifying the pull request base branch.
- Removed references to internal secrets.
@F-WRunTime F-WRunTime requested a review from a team as a code owner November 25, 2024 18:29
@F-WRunTime F-WRunTime requested a review from ehildenb November 25, 2024 18:29
@github-actions github-actions bot changed the base branch from master to develop November 25, 2024 18:29
@F-WRunTime F-WRunTime self-assigned this Nov 25, 2024
@F-WRunTime F-WRunTime changed the base branch from develop to master November 25, 2024 19:22
@F-WRunTime
modified: .github/workflows/master-pr.yml
268b3ee 
modified:   .github/workflows/test-pr.yml
modified:   .github/workflows/master-pr.yml
- Before when using a PAT jobs are automatically triggered, becuase
  these are recognized as non-system bots. If done by system jobs, these
are ignored to avoid recursive WF executions.
- To trigger the job, we'll use workflow_run in test-pr.yaml that runs
  on completion of the master-pr.yml "Test PR" workflow.
@github-actions github-actions bot changed the base branch from master to develop November 25, 2024 19:24
@github-actions GitHub Actions
Copy link

The default branch has been changed from master to develop. Thank you for your support!

@F-WRunTime
modified: .github/workflows/master-pr.yml
2804a33 
modified:   .github/workflows/test-pr.yml
- These have the same name for the workflows..
- Modifying master-pr.yml name from "Test PR" > "Configure PR"
@F-WRunTime F-WRunTime changed the base branch from develop to master November 25, 2024 19:28
@github-actions github-actions bot changed the base branch from master to develop November 25, 2024 19:31
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 25, 2024
edited by F-WRunTime
Loading

The target branch has been updated from master > develop. Thank you for your support!
Updated by automation Bot.

@F-WRunTime F-WRunTime changed the base branch from develop to master November 25, 2024 20:09
@github-actions GitHub Actions
Copy link

The target branch has been updated from master > develop. Thank you for your support!

@github-actions github-actions bot changed the base branch from master to develop November 25, 2024 20:09
@F-WRunTime F-WRunTime changed the base branch from develop to master November 25, 2024 20:18
@github-actions github-actions bot changed the base branch from master to develop November 25, 2024 20:19
@github-actions GitHub Actions
Copy link

The target branch has been updated from master > develop. Thank you for your support!

1 similar comment
@github-actions GitHub Actions
Copy link

The target branch has been updated from master > develop. Thank you for your support!

@F-WRunTime F-WRunTime changed the base branch from develop to master November 25, 2024 21:14
@F-WRunTime
modified: .github/workflows/master-pr.yml
b5d41fb 
modified:   .github/workflows/test-pr.yml
- Trying a different approach to triggers to support triggering full
  test-pr.yml on update of change branch target, without using PATs /
Github App.
@github-actions github-actions bot changed the base branch from master to develop November 25, 2024 21:16
@github-actions GitHub Actions
Copy link

Target Branch Changed! Thank you for your support!

1 similar comment
@F-WRunTime
Copy link
Member Author

Target Branch Changed! Thank you for your support!

@F-WRunTime
modified: .github/workflows/master-pr.yml
6be9950 
- Test with write-all if actions-bot will be allowed to trigger the
  test-pr.yml
@F-WRunTime F-WRunTime changed the base branch from develop to master November 25, 2024 21:42
@github-actions github-actions bot changed the base branch from master to develop November 25, 2024 22:08
@ehildenb
Copy link
Member

I don't think this is actually necessary after the conversation on slack though. Virgil rebased his PR on develop manually, which is fine for forking workflows, since those PRs are not coming in very often.

@F-WRunTime F-WRunTime closed this Nov 26, 2024
@ehildenb ehildenb deleted the hotfix/fork-action-permissions branch November 26, 2024 10:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehildenb ehildenb Awaiting requested review from ehildenb

Assignees

@F-WRunTime F-WRunTime

Labels
automerge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@F-WRunTime @ehildenb