-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trivial change, test PR #347
Conversation
@gdalle I am having some permission issue in the Graphs.jl repo. The same workflow works for my fork Trivial change, test PR · filchristou/Graphs.jl@f0c892d · GitHub but doesn't in JuliaGraphs Trivial change, test PR · JuliaGraphs/Graphs.jl@f0c892d · GitHub. If you go to the "Set up job" -> "GITHUB_TOKEN Permissions" I get "write" in my fork and "read" in JuliaGraphs Did you specifically modify something because from what i read around the default permissions for public PR should be read/write https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token. The specific error I get is "GraphQL: Resource not accessible by integration (addComment)" and there is some discussion here git - "Resource not accessible by integration" on github post /repos/{owner}/{repo}/actions/runners/registration-token API - Stack Overflow |
It's weird cause the actions indeed have read/write permissions in Graphs.jl as well as the organization in general. It's not the most secure setting but it should work |
I think this is the answer: cli/cli#8374 (comment)
It happens cause you're on a fork |
The issue is that you're doing it from a fork, and so the comment posting will never work. In this case the best we can do is use the option from BenchmarkCI to print the benchmarking results inside the workflow log, in addition to the PR comment (which will only work from branches, i.e. for PRs made by maintainers). |
it seems the workflow didn't even run on those latest commits |
yeah. sorry for the noise. I will be playing around for a while. I am not satisfied with the logging public PR benchmarks in the workflow so I am investigating other possibilities. Let me know if you have any ideas. |
Might be worth a shot? |
probably it is worth a chance. Now I am considering a chain of workflows as described here: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run |
why so complicated? I think |
I don't get what's the practical difference between
Which is exactly what benchmarking does. |
I have asked on slack: https://julialang.slack.com/archives/C681P8ABG/p1709137580258319 |
On second thought I agree with you this is a bad security practice, let's not use https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ |
@gdalle Okey. it seems that the
So either I need to start experimenting with the master or changing the default for a little while. What do you prefer ? Good thing is that all these changes do not interacting with user code. |
Let's discuss it tonight at the community call if you can attend? |
okey. yes I will join |
* First try on benchmark CI (#315) (WIP) TODO: store results and PR label triggering * Test consecutive PR (#346) Merge all new advancements on the `benchx` branch in order to do a follow up consecutive PR to test github actions * Trivial change, test PR (#347) * Trivial change, test PR * Add PR write permission * Test full permissions * Granular permissions * try write-all * try label event * labeled in pull_request * Store results as artifact and trigger a consecutive workflow_run * Workflow chain almost complete (WIP) * correct .benchmarkci path * Add benchx support branch * Just try pull_request_target instead * Remove target * Get rid of s to get the chain going --------- Co-authored-by: Guillaume Dalle <22795598+gdalle@users.noreply.github.com> * Simplify for master merge * Fixed formatting * Integrate review comments --------- Co-authored-by: Guillaume Dalle <22795598+gdalle@users.noreply.github.com>
No description provided.