fix perms in publish workflow #1814

Merged
merged 1 commit into from
May 16, 2024

drammock
Collaborator

@Carreau and @trallard the PyPI publish workflow is broken again, this time by the new coverage action. The Coverage step inside tests.yml needs contents: write, pull-requests: write permissions. That means we need to grant those permissions to the entire tests workflow when that workflow is called from within another action (in this case, the publish.yml action).

This PR will do that (as a quick-fix to allow us to get the release out) and I'll self-merge this if necessary later today, to facilitate a timely release. But IMO a better solution is to separate the test and coverage actions into separate workflows, so that:

  • on PRs, test and coverage get run
  • when releases are tagged, test and publish get run (but not coverage)

WDYT?

@drammock
Collaborator Author

I should be explicit, I guess: my motivation for splitting them is so that we can keep permissions as low as possible for each action / step. Putting coverage into its own workflow means only coverage gets PR write permissions.
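
The split proposed above, sketched as an added example (not part of the thread and not the repository's actual workflow files): a read-only reusable `tests.yml`, a PR workflow in which only the coverage job gets write permissions, and a publish workflow that calls the tests without coverage. The `pr.yml` file name, the job names, the tag pattern and the placeholder commands are assumptions.

```yaml
# Constructed sketch, not the repository's real workflow files. File names other
# than tests.yml and publish.yml, and all job names and commands, are assumptions.
# --- .github/workflows/tests.yml: reusable and read-only ---
on:
  workflow_call:          # callable from both workflows below
permissions:
  contents: read          # a called workflow can narrow the caller's grant, never widen it
jobs:
  run-tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: python -m pytest                      # placeholder test command
---
# --- .github/workflows/pr.yml (hypothetical): test and coverage on PRs ---
on:
  pull_request:
permissions: {}           # start from no permissions, grant per job
jobs:
  tests:
    uses: ./.github/workflows/tests.yml
    permissions:
      contents: read
  coverage:
    needs: tests
    runs-on: ubuntu-latest
    permissions:          # the only job with write access to the PR
      contents: write
      pull-requests: write
    steps:
      - run: echo "coverage action goes here"      # placeholder step
---
# --- .github/workflows/publish.yml: test and publish on release tags ---
on:
  push:
    tags: ["v*"]          # assumed tag pattern
permissions: {}
jobs:
  tests:
    uses: ./.github/workflows/tests.yml
    permissions:
      contents: read      # no PR write needed, and no coverage step runs here
  publish:
    needs: tests
    runs-on: ubuntu-latest
    steps:
      - run: echo "build and upload to PyPI here"  # placeholder step
```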


Coverage report

This PR does not seem to contain any modification to coverable code.

@drammock drammock merged commit 98efa1a into pydata:main May 16, 2024
18 checks passed
@drammock drammock deleted the fix-publish-permissions branch May 16, 2024 18:32
@drammock
Collaborator Author

argh, I'm gonna revert this. Even with the right permissions the Coverage step fails when called from the release job because (of course) there is no pull request for it to post its comment to. So it still blocks the release upload.

drammock added a commit that referenced this pull request May 16, 2024
Revert "fix perms in publish workflow (#1814)"

This reverts commit 98efa1a.
@Carreau
Collaborator

Carreau commented May 17, 2024

Sorry about that. GitHub Actions are complicated.

ivanov pushed a commit to ivanov/pydata-sphinx-theme that referenced this pull request Jun 5, 2024
Revert "fix perms in publish workflow (pydata#1814)"

This reverts commit 98efa1a.