Missing permission in README example

stkr22 commented 2 years ago

In the README.md it shows an example workflow:

name: Release Charts

on:
  push:
    branches:
      - main

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Install Helm
        uses: azure/setup-helm@v1
        with:
          version: v3.8.1

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.4.0
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

At least for me that did not work. The task always terminated with " 403 Resource not accessible by integration". Once I added the necessary permissions it worked:

name: Release Charts

on:
  push:
    branches:
      - main

jobs:
  publish:
    permissions:
      contents: write
    runs-on: ubuntu-latest

[....]

davidkarlsen commented 2 years ago

Hmmm, it works for me w/o doing that: https://github.com/evryfs/helm-charts/blob/master/.github/workflows/publish.yaml Are you sure this is really needed?

RafalSkolasinski commented 2 years ago

I can confirm I hit the same in my experiments now:

as it is in the readme fails with 403: https://github.com/RafalSkolasinski/seldon-models/actions/runs/2457045793
after adding permission passes: https://github.com/RafalSkolasinski/seldon-models/runs/6781581806

davidkarlsen commented 2 years ago

I guess that depends on https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token - but we can emphasise this in the README.

stkr22 commented 2 years ago

Great, thanks for the clarification. 👍

helm / chart-releaser-action

Missing permission in README example #110