-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add commisery GitHub action #15
Conversation
0eee701
to
b909f0f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Newline at end of file please.
b909f0f
to
24b2e16
Compare
uses: enarx/commisery-action@master | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
pull_request: ${{ github.event.number }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does this action require our GITHUB_TOKEN
? What permissions are we granting to it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's an automatically generated GITHUB_TOKEN
for pulling the repository: https://github.com/enarx/commisery-action/blob/ecedfc765564e89b9a776bfea8d5717c686b15ad/commisery_action.py#L69
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is unnecessary for a public repo. You should submit a PR to make the token optional.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is unfortunately unfeasible, as this requires putting in a PR for the GitHub Python API library to not require a GITHUB_TOKEN
. What I think is a better alternative is to simply restrict the access which GITHUB_TOKEN
provides via: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
Signed-off-by: Paul Pietkiewicz <[email protected]>
24b2e16
to
3197198
Compare
This PR can be closed since the issue was addressed later by a different PR and we have shared commisery workflow already implemented. |
Closes #14