chore: update permissions #743
Hello! 👋 This repository uses Auto for releasing packages using PR labels. ✨ This PR can be merged but will not trigger a new release. To trigger a new release add the |
Hmm, maybe I am doing something wrong, but this didn't work for me (failing workflow). Are you sure `read-only` is a valid permission value? As far as I can see here to define access for all the available scopes we can either use `read-all` or `write-all`.
(Maybe it would be useful to automatically open a PR in the https://github.com/grafana/plugin-workflow-tester/ repo if any of the workflow template files change to see if they pass. However, as we don't edit these too often, maybe it isn't worth the effort.)
Nice, did not know we had this repo.
🤦
@@ -8,11 +8,12 @@ on: | |||
tags: | |||
- 'v*' # Run workflow on version tags, e.g. v1.0.0. | |||
|
|||
permissions: | |||
contents: write | |||
permissions: read-all |
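Review bot: `permissions: read-all` at the top level grants read on every token scope, which is broader than the `contents: write` block it replaces was in terms of scopes touched. Consider `contents: read` (or `permissions: {}`) as the workflow default. The job-level block that is meant to carry `contents: write` is not visible in this hunk; it needs to list every scope the job uses, because a job-level `permissions` block replaces the workflow-level value for that job rather than adding to it.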
As we only have a single job in this workflow, what's the reason for this change at this point?
(kind of a vanity change but stops certain security tooling from complaining)
Yeah it's weird I know
🚀 PR was released in |
What this PR does / why we need it:
Introduces top level read-only permissions in the CI workflow
Moves write permissions to within the single job (kind of a vanity change but stops certain security tooling from complaining)
Which issue(s) this PR fixes:
part of #742
Special notes for your reviewer:
Tested with a custom plugin and CI/Release still appeared to execute as expected.
CI workflow may require more changes as per the issue
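
The permission layout this PR describes, sketched as an added example; it is not the repository's actual workflow file, and the workflow name, the job name `release` and its steps are assumptions. The comments also cover the `read-only` value questioned in the review.

```yaml
# Illustrative workflow only. Names and steps below are assumed, not taken from the PR.
name: Release

on:
  push:
    tags:
      - 'v*' # Run workflow on version tags, e.g. v1.0.0.

# Workflow-level default for GITHUB_TOKEN.
# Accepted shorthands are `read-all`, `write-all` and `{}` (no access).
# `read-only` is not one of them.
permissions: read-all

jobs:
  release: # hypothetical job name
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow-level value for this job:
    # any scope not listed here is set to none, so list every scope the job uses.
    permissions:
      contents: write # assumed: the job creates a release and uploads assets
    steps:
      - uses: actions/checkout@v4
      # build and release steps would follow here
```

With a single job the effective token is the same as before the change; the difference is that any job added later starts from the read-only default instead of inheriting write access.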