Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(drone-sig): add missing contents: read permission #4472

Merged
merged 1 commit into from
Dec 19, 2024
Merged

fix(drone-sig): add missing contents: read permission #4472

merged 1 commit into from
Dec 19, 2024

Conversation

zzehring
Copy link
Contributor

What this PR does:

Currently, the workflow is broken as the reusable workflow requires id-token: write and contents: read, but since we have overridden the default permissions, we need to re-add contents: read.

Workflow error example:

The workflow is not valid. .github/workflows/drone-signature-check.yml (Line: 17, Col: 3): Error calling workflow 'grafana/shared-workflows/.github/workflows/check-drone-signature.yaml@main'. The nested job 'check-drone-signature' is requesting 'contents: read', but is only allowed 'contents: none'.

Which issue(s) this PR fixes:
Fixes #

Checklist

  • Tests updated
  • Documentation added
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

@zzehring
fix(drone-sig): add missing contents: read permission
b324573 
Currently, the workflow is broken as the reusable workflow requires `id-token: write` _and_ `contents: read`, but since we have overridden the default permissions, we need to re-add `contents: read`. 

[Workflow error example](https://github.com/grafana/tempo/actions/runs/12400150268):

> The workflow is not valid. .github/workflows/drone-signature-check.yml (Line: 17, Col: 3): Error calling workflow 'grafana/shared-workflows/.github/workflows/check-drone-signature.yaml@main'. The nested job 'check-drone-signature' is requesting 'contents: read', but is only allowed 'contents: none'.
mapno
mapno approved these changes Dec 19, 2024
View reviewed changes
Copy link
Member

@mapno mapno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@electron0zero electron0zero merged commit fa9b7ad into main Dec 19, 2024
17 checks passed
@electron0zero electron0zero deleted the zzehring/drone-sig-check/fix-add-contents-read-perm branch December 19, 2024 11:18
@electron0zero electron0zero mentioned this pull request Jan 29, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mapno mapno mapno approved these changes

@electron0zero electron0zero electron0zero approved these changes

@joe-elliott joe-elliott Awaiting requested review from joe-elliott joe-elliott is a code owner

@mdisibio mdisibio Awaiting requested review from mdisibio mdisibio is a code owner

@yvrhdn yvrhdn Awaiting requested review from yvrhdn yvrhdn is a code owner

@zalegrala zalegrala Awaiting requested review from zalegrala zalegrala is a code owner

@ie-pham ie-pham Awaiting requested review from ie-pham ie-pham is a code owner

@stoewer stoewer Awaiting requested review from stoewer stoewer is a code owner

@javiermolinar javiermolinar Awaiting requested review from javiermolinar javiermolinar is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zzehring @electron0zero @mapno