fix: more stable jobs + dorny/paths-filter permissions #552
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
| contents: read | ||
| pull-requests: read | ||
| # Required for dorny/paths-filter | ||
| permissions: read-all |
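Review bot: `permissions: read-all` on the last line of this hunk gives the job token read access to every scope, and the comment above it ("Required for dorny/paths-filter") does not say which scope was actually missing. Suggest keeping the explicit `contents: read` and `pull-requests: read` entries and adding only the additional scope that is shown to be needed, or at minimum extending the comment to name the error this works around so the grant can be narrowed later.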
zizmor is complaining and I'm confused:
warning[excessive-permissions]: overly broad permissions
--> workflow-templates/phpunit-pgsql.yml:36:3
|
36 | / changes:
37 | | runs-on: ubuntu-latest-low
38 | | # Required for dorny/paths-filter
39 | | permissions: read-all
| | --------------------- uses read-all permissions
40 | |
... |
59 | | - 'composer.json'
60 | | - 'composer.lock'
| |_______________________________- this job
|
= note: audit confidence → High
Which part is it trying to read that it can not read otherwise?
Honestly no clue, couldn't figure out the reason.
But it seems that it fails because not enough permissions on private repos? "Resource not accessible by integration"
I checked here, but didn't find anything useful: dorny/paths-filter#123
So I tried this and it seems to work https://github.com/nextcloud-gmbh/server/pull/836
> So I tried this and it seems to work nextcloud-gmbh/server#836
Got me curious, so did the same test (as GitHub only specifies pr and contents as required permissions) and it works already? See https://github.com/nextcloud-gmbh/server/actions/runs/15364863945/job/43236456808?pr=837
So maybe it was an internal issue with GitHub?
Yeah, maybe 🤔
Let's keep this closed for now!