Closed kirbyquerby closed 2 years ago
odeke-em
commented
2 years ago Thank you @kirbyquerby! @kirbyquerby could you please help me with instructions for how to accomplish this to edit the permissions to allow the Docker image publishing on ghcr, Github's Container Registry?
kirbyquerby
commented
2 years ago odeke-em
commented
2 years ago Turns out that I don't have admin access to make those modifications to this repository, so I shall kindly ping @ebuchman to run the steps that @kirbyquerby highlighted in https://github.com/informalsystems/gosec/issues/26#issuecomment-1151958393
odeke-em
commented
2 years ago @greg-szabo and team could you please help us out with enabling the modifications listed above in https://github.com/informalsystems/gosec/issues/26#issuecomment-1151958393?
greg-szabo
commented
2 years ago Apologies for the late response here, I'm just back from leave.
The repo didn't really have an owner, so I made @odeke-em and @harveenSingh admin of the repo for now. This should take care of waiting on requests like this in the future.
It seems to me that you have to define a package first, before you can modify its properties. (I don't have any of the buttons described in the links either.) Try creating one using GitHub Actions first and then you should be able to change permissions on it.
Here's apalache's example of creating packages using GitHub Actions: https://github.com/informalsystems/apalache/blob/b627481fca3677b15457c704fdd6f8aab66b6d84/.github/workflows/container.yml (It's not perfect because it's compiling the dockerfile on the fly, but it's a good start.)
odeke-em
commented
2 years ago Alright, thank you very much @kirbyquerby @marbar3778 @ebuchman, after https://github.com/cosmos/gosec/releases/tag/v0.0.3 we now have ghcr.io/cosmos/gosec:latest hence I shall close this issue. @kirbyquerby could you please help send a PR to the cosmos-sdk to include some passes?
kirbyquerby
commented
2 years ago Not fixed. As specified in this issue, the action.yml still needs to be updated: https://github.com/cosmos/gosec/blob/19d13d9ffb91c847dcf6761d2fbdec6b203ab958/action.yml#L13
The
action.ymlcurrently still references the docker image made by securego/gosec: https://github.com/informalsystems/gosec/blob/74c0f4d328d8723ac688fd1dee94e143695107fb/action.yml#L13The release workflow also references publishing to the
securego/securegodocker image: https://github.com/informalsystems/gosec/blob/74c0f4d328d8723ac688fd1dee94e143695107fb/.github/workflows/release.yml#L33In general, a sweep should probably be done renaming
securegowhere it makes sense: https://github.com/search?q=securego+repo%3Ainformalsystems%2Fgosec&type=CodeFor this issue, though, the following should be done to make a usable GitHub Action:
action.ymlto push to and reference the correct image