Closed dependabot[bot] closed 8 months ago
I am not quite sure what has changed in the auth action, and why it now fails, but we should find out what is going on here. @leap-stc/data-and-compute @andersy005 anyone have an idea about this?
I am not quite sure what has changed in the auth action, and why it now fails, but we should find out what is going on here. @leap-stc/data-and-compute @andersy005 anyone have an idea about this?
it appears this is working as expected. when the action runs on a pull request from a forked repository, GitHub only grants read access tokens for pull_request events, at most: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token, and it restricts access to secrets as well.
Bumps google-github-actions/auth from 1 to 2.
Release notes
Sourced from google-github-actions/auth's releases.
... (truncated)
Commits
67e9c72
Release: v2.0.0 (#355)0a2edc1
Fix some examples to include project_id (#353)7c4e01f
Make auth universe-aware (#352)097d292
Add protection for release branches (#351)fe92076
Add support for Direct Workload Identity auth (#348)You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show