Skip to content

fix: more stable jobs + dorny/paths-filter permissions #552

Closed
skjnldsv wants to merge 2 commits intomasterfrom
feat/stabilise-jobs
Closed

fix: more stable jobs + dorny/paths-filter permissions #552
skjnldsv wants to merge 2 commits intomasterfrom
feat/stabilise-jobs

Conversation

@skjnldsv
Copy link
Member

@skjnldsv skjnldsv commented May 30, 2025

Before

image

After

image

skjnldsv added 2 commits May 30, 2025 16:03
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
@skjnldsv skjnldsv requested a review from susnux May 30, 2025 14:23
@skjnldsv skjnldsv self-assigned this May 30, 2025
@skjnldsv skjnldsv added the 3. to review Waiting for reviews label May 30, 2025
@skjnldsv skjnldsv requested a review from nickvergessen May 30, 2025 14:32
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zizmor is complaining and I'm confused:

warning[excessive-permissions]: overly broad permissions
  --> workflow-templates/phpunit-pgsql.yml:36:3
   |
36 | /   changes:
37 | |     runs-on: ubuntu-latest-low
38 | |     # Required for dorny/paths-filter
39 | |     permissions: read-all
   | |     --------------------- uses read-all permissions
40 | |
...  |
59 | |               - 'composer.json'
60 | |               - 'composer.lock'
   | |_______________________________- this job
   |
   = note: audit confidence → High

Which part is it trying to read that it can not read otherwise?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly no clue, couldn't figure out the reason.
But it seems that it fails because not enough permisisons on private repos ? "Resource not accessible by integration"

I checked here,but didn't find anything useful dorny/paths-filter#123
So I tried this and it seems to work https://github.com/nextcloud-gmbh/server/pull/836

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I tried this and it seems to work nextcloud-gmbh/server#836

Got me curious, so did the same test (as github only specifies pr and contents as required permissions and it works already? See https://github.com/nextcloud-gmbh/server/actions/runs/15364863945/job/43236456808?pr=837

So maybe it was an internal issue with Github?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, maybe 🤔

Let's keep this closed for now!

@skjnldsv skjnldsv closed this Jun 1, 2025
@nickvergessen nickvergessen deleted the feat/stabilise-jobs branch June 1, 2025 11:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3. to review Waiting for reviews

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants