We should run a dry-run job on every .permissions PR and put the logs / changes in the check job. If the dry-run fails we should make the check a hard fail.
This will replace the somewhat hacked together https://github.com/codebytere/governance-check module. We should ensure all the safety checks / helpful errors in that module are converted / available in the new check run.
We should run a dry-run job on every
.permissions
PR and put the logs / changes in the check job. If the dry-run fails we should make the check a hard fail.This will replace the somewhat hacked together https://github.com/codebytere/governance-check module. We should ensure all the safety checks / helpful errors in that module are converted / available in the new check run.