Open denopink opened 11 months ago
Looks like the sub-job Comment on PR with Details of Schema Check requires the workflow's github.token to have read and write permissions.
Comment on PR with Details of Schema Check
github.token
read and write
This becomes an issue when a pr is created from a fork, since the token is from the fork and not from the parent repo.
Can we remove this section? https://github.com/pulumiverse/infra/blob/c467230278c9a19d9505eec5a2f6e82b3dec500a/.github/workflows/provider-prerequisites.yaml#L61-L69
cc: @schmidtw
example: https://github.com/pulumiverse/pulumi-vra/actions/runs/6534980011/job/17743382581?pr=39
@denopink the reusable workflows where an attempt to make it easier on package maintainers. In the meantime, we are migrating away from it.
Looks like the sub-job
Comment on PR with Details of Schema Check
requires the workflow'sgithub.token
to haveread and write
permissions.This becomes an issue when a pr is created from a fork, since the token is from the fork and not from the parent repo.
Can we remove this section? https://github.com/pulumiverse/infra/blob/c467230278c9a19d9505eec5a2f6e82b3dec500a/.github/workflows/provider-prerequisites.yaml#L61-L69
cc: @schmidtw