add `read_only` mode

[ericphanson]

closes https://github.com/JuliaRegistries/RegistryCI.jl/issues/382

I thought this would be way harder! But also I could've missed something.

I wonder if we can test this by adding a github workflow with read-only permissions like we talked about in https://github.com/JuliaRegistries/General/issues/35514, and then run the regular integration tests on that except with read_only set to true. What do you think?

[DilumAluthge]

I wonder if we can test this by adding a github workflow with read-only permissions like we talked about in JuliaRegistries/General#35514, and then run the regular integration tests on that except with read_only set to true. What do you think?

Yeah. I'm about to open a PR demo-ing the read-only token. Once I open that, want to take a look and see if you can figure out how to repurpose it?

[DilumAluthge]

It's going to be tricky for you to figure out how to do integration tests with a read-only token.

Because the mechanism I use in https://github.com/JuliaRegistries/General/pull/35519 to generate a read-only token is a specific mechanism (https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions) that only works for the GITHUB_TOKEN supplied automatically by GitHub.

But in the integration tests, I don't actually use the GITHUB_TOKEN. I use a PAT that I generated for my bot user.

[ericphanson]

Ah ok. Maybe we can make a new PAT with read-only perms then?

[DilumAluthge]

I think as a first pass, let's just leave this untested? Since we will be testing it on General. And then we can add tests to this later. (Can you open an issue so we don't forget?)

[ericphanson]

Ah ok, that's fine by me. Let's wait until tomorrow to merge this though; it's late here and it would be good to get @GunnarFarneback's review if possible too.

[DilumAluthge]

While waiting for Gunnar's review, let's make sure CI passes.

bors try

[bors[bot]]

try

Build failed:

• Integration/Julia 1/ubuntu-latest/x64

[ericphanson]

bors try

[bors[bot]]

try

Build succeeded:

• Unit/Julia 1/ubuntu-latest/x64
• Unit/Julia 1.5/ubuntu-latest/x64
• Unit/Julia 1.4/ubuntu-latest/x64
• Unit/Julia 1.3/ubuntu-latest/x64
• Unit/Julia nightly/ubuntu-latest/x64
• Integration/Julia 1/ubuntu-latest/x64
• codecov/project/minimum

[GunnarFarneback]

I haven't checked if it covers all possible outputs but it certainly makes the right kind of changes and what's there looks right.

[ericphanson]

Alright, let's give it a go! If we run it with a read-only token we should get errors if I missed something here.

bors merge

[bors[bot]]

Build succeeded:

• codecov/project/minimum
• Integration/Julia 1/ubuntu-latest/x64
• Unit/Julia 1.3/ubuntu-latest/x64
• Unit/Julia 1.4/ubuntu-latest/x64
• Unit/Julia 1.5/ubuntu-latest/x64
• Unit/Julia 1/ubuntu-latest/x64
• Unit/Julia nightly/ubuntu-latest/x64