USEPA / FrEDI

FrEDI estimates annual physical and economic impacts from climate change to the U.S., through the 21st century
https://usepa.github.io/FrEDI

Need to set permissions for GitHub actions? #79

Closed knoiva-indecon closed 1 year ago

knoiva-indecon commented 1 year ago

The JOSS submission rules require that we add our paper to a branch on our GitHub. I created a directory called "paper" in the main directory, since this paper would be useful for others to see, but we could also move it somewhere else. In any case, JOSS recommends using a GitHub action to compile the paper.

@tonygard-indecon and @knoiva-indecon have been able to compile the paper on forked versions of the joss branch, but are having issues adding the GitHub action to FrEDI workflows. We get the following error message: openjournals/openjournals-draft-action@master and ad-m/github-push-action@master are not allowed to be used in USEPA/FrEDI. Actions in this workflow must be: within a repository that belongs to your Enterprise account, created by GitHub, or matching the following: cloud-gov/*, docker/*, r-lib/actions/*, softprops/turnstyle@v1, zaproxy/*, pypa/*, uibcdf/action-sphinx-docs-to-gh-pages@v1.1.0-beta, psf/black@stable, anchore/*, release-drafter/*, jamesives/github-pages-deploy-action@v4, ruby/*, aws-actions/*.

What is unclear is whether JOSS simply suggests this GitHub action so that we can make sure the paper compiles or whether they'll check for the compiled paper. If the former, then we have no issues with permissions in the short term. If the latter, then we need to find a way to resolve this issue.

Either way, this might be an ongoing issue in setting up GitHub actions in general. We were not able to use/reference basic GitHub actions like pushing. We may need to find a way to allow actions from certain developers: https://github.com/orgs/community/discussions/25488

emcduffie commented 1 year ago

The USEPA repo-wide policy on actions is set to the following: "Allow enterprise, and select non-enterprise, actions and reusable workflows. Any action or reusable workflow that matches the specified criteria, plus those defined in a repository within the enterprise, can be used."

I was able to contact the EPA GitHub folks and sent them your error message. Here is their response: "We can definitely add actions from verified and reputable sources to our whitelist. I have added JOSS’s openjournals/openjournals-draft-action to our whitelist. However, I did not add the second action for pushing because, although well used in the open source community, it is made by a standalone Polish developer which does not meet the reputability requirement for me to be comfortable adding it. If there’s another action you can find from a reputable source I’m happy to add it, but I don’t see it in the code for pdf generation."

I checked the whitelisted actions in our settings and I now see the openjournals action has been added.

Let me know if this resolves the JOSS issues!

knoiva-indecon commented 1 year ago

Great, I'll give that a try tomorrow or next week! Good to know about the second action... I thought that was a standard action but I guess not! We'll let you know if we run into any issues with that in setting up the new data workflow.

knoiva-indecon commented 1 year ago

@emcduffie: FYI, still getting the following error (that openjournals is not allowed to be used on the repo):

Error: .github#L1 openjournals/openjournals-draft-action@master is not allowed to be used in USEPA/FrEDI. Actions in this workflow must be: within a repository that belongs to your Enterprise account, created by GitHub, or matching the following: cloud-gov/, docker/, r-lib/actions/, softprops/turnstyle@v1, zaproxy/, pypa/, uibcdf/action-sphinx-docs-to-gh-pages@v1.1.0-beta, psf/black@stable, anchore/, release-drafter/, jamesives/github-pages-deploy-action@v4, ruby/, aws-actions/, openjournals/openjournals-draft-action/.

emcduffie commented 1 year ago

@knoiva-indecon - could you try again? The openjournals path was edited to add @master to the path.

knoiva-indecon commented 1 year ago

@emcduffie: Thanks, fixed now! I'm going to close this issue. We may run into similar issues in setting up more continuous integration features, but we will create a new issue if we do.
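
An added example (not from the issue thread or the FrEDI project): a pre-flight check that lists which `uses:` references in a workflow fall outside the allow-list quoted in the error message above, so a blocked action is caught before the workflow is pushed. It assumes `*` behaves as a simple glob over the whole `owner/repo@ref` string, that the owners `actions` and `github` stand for "created by GitHub", and that `usepa` is the only enterprise organization; these are simplifications of GitHub's policy matching, and the sample workflow is constructed.

```python
import re
from fnmatch import fnmatchcase

# Allow-list entries copied from the first error message quoted in the issue.
ALLOWED_PATTERNS = [
    "cloud-gov/*", "docker/*", "r-lib/actions/*", "softprops/turnstyle@v1",
    "zaproxy/*", "pypa/*", "uibcdf/action-sphinx-docs-to-gh-pages@v1.1.0-beta",
    "psf/black@stable", "anchore/*", "release-drafter/*",
    "jamesives/github-pages-deploy-action@v4", "ruby/*", "aws-actions/*",
]
GITHUB_OWNERS = {"actions", "github"}  # assumption: models "created by GitHub"
ENTERPRISE_OWNERS = {"usepa"}          # assumption: orgs in the enterprise account

# Captures the value of every `uses:` key (step-level or job-level).
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)


def is_allowed(ref, patterns=ALLOWED_PATTERNS):
    """Return True if an `owner/repo[/path]@ref` string passes the policy model."""
    if ref.startswith("./"):
        return True  # action stored in the same repository
    owner = ref.split("/", 1)[0].lower()
    if owner in GITHUB_OWNERS or owner in ENTERPRISE_OWNERS:
        return True
    # Assumed semantics: case-insensitive glob over the whole reference.
    return any(fnmatchcase(ref.lower(), p.lower()) for p in patterns)


def blocked_actions(workflow_text, patterns=ALLOWED_PATTERNS):
    """List the `uses:` references in a workflow that the policy would reject."""
    return [r for r in USES_RE.findall(workflow_text) if not is_allowed(r, patterns)]


# Constructed sample workflow using the two actions named in the issue.
SAMPLE_WORKFLOW = """
on: [push]
jobs:
  paper:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: openjournals/openjournals-draft-action@master
      - uses: ad-m/github-push-action@master
"""

if __name__ == "__main__":
    for ref in blocked_actions(SAMPLE_WORKFLOW):
        print("not on allow-list:", ref)
```

Under this model, adding the entry exactly as it appeared in the second error message (`openjournals/openjournals-draft-action/`) still leaves the JOSS action blocked, while the entry with `@master` appended clears it.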