632 documents Megalinter failing when its run on push events instead of pull_request. Either we need to change how it's kicked off (only do it on pull_request) or only send security concerns when the workflow is run in the context of a PR.
Per the error log, push events run in a read-only context; trying to send a security update requires write access which is available when the run is triggered by a PR.
My recommendation is the first (push -> pull_request) as it seems "weird" to only send security notices when run in certain situations.. if it finds something, it should say something. Moreover, changing it to PR means that it will run less often, require fewer branch updates, and ultimately save compute minutes for other processes.
Description
632 documents Megalinter failing when its run on
push
events instead ofpull_request
. Either we need to change how it's kicked off (only do it onpull_request
) or only send security concerns when the workflow is run in the context of a PR.Per the error log,
push
events run in a read-only context; trying to send a security update requireswrite
access which is available when the run is triggered by a PR.My recommendation is the first (
push
->pull_request
) as it seems "weird" to only send security notices when run in certain situations.. if it finds something, it should say something. Moreover, changing it to PR means that it will run less often, require fewer branch updates, and ultimately save compute minutes for other processes.User Story
bug #632
Architectural Decision Records (ADRs)
No response