Skip to content

Fix component owners workflow permissions #3165

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jan 13, 2025
Merged

Fix component owners workflow permissions #3165

merged 3 commits into from
Jan 13, 2025

Conversation

jsoref
Copy link
Contributor

@jsoref jsoref commented Jan 3, 2025

Description

The component owners workflow fails miserably in forks with restricted permissions because it's misconfigured:

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

The official documentation for the action has been consulted:
https://github.com/dyladan/component-owners/blob/58bd86e9814d23f1525d0a970682cead459fa783/README.md?plain=1#L54-L57

Does This PR Require a Core Repo Change?

  • Yes. - Link to PR:
  • No.

Checklist:

See contributing.md for styleguide, changelog guidelines, and more.

  • Followed the style guidelines of this project
  • Changelogs have been updated
  • Unit tests have been added
  • Documentation has been updated

@jsoref jsoref requested a review from a team as a code owner January 3, 2025 13:10
emdneto
emdneto reviewed Jan 10, 2025
View reviewed changes
Copy link
Member

@emdneto emdneto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm curious why do you need that this job run on forks?

@jsoref
Copy link
Contributor Author

jsoref commented Jan 10, 2025

I mostly want to not get ❌ when I test things. You're free to instead use an if: github.repository == ... test instead.

But, from a different perspective, the only reason this works in the main repository is because your repository/organization's permissions are lax instead of restrictive and when that's fixed and it should be fixed, this workflow will break for the main repository just as it did in my fork (which happens to be restrictive).

@emdneto
Copy link
Member

emdneto commented Jan 13, 2025
edited
Loading

I mostly want to not get ❌ when I test things. You're free to instead use an if: github.repository == ... test instead.

But, from a different perspective, the only reason this works in the main repository is because your repository/organization's permissions are lax instead of restrictive and when that's fixed and it should be fixed, this workflow will break for the main repository just as it did in my fork (which happens to be restrictive).

I understand your concern. It makes sense to me from the security perspective

@emdneto emdneto added the Skip Changelog PRs that do not require a CHANGELOG.md entry label Jan 13, 2025
@lzchen lzchen merged commit c59b514 into open-telemetry:main Jan 13, 2025
675 checks passed
@jsoref jsoref deleted the fix-permissions branch January 13, 2025 23:54
xrmx pushed a commit to xrmx/opentelemetry-python-contrib that referenced this pull request Jan 24, 2025
@jsoref @xrmx
Fix component owner workflow permissions (open-telemetry#3165)
595d206
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xrmx xrmx xrmx approved these changes

@emdneto emdneto emdneto approved these changes

@lzchen lzchen lzchen approved these changes

Assignees

No one assigned

Labels

Skip Changelog PRs that do not require a CHANGELOG.md entry

Projects

@xrmx's Python PR digest
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jsoref @emdneto @xrmx @lzchen