Define top level Permission for ci.yml workflow #5078
Conversation
karmada-bot
added
kind/feature
karmada-bot
added
size/S
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #5078 +/- ##
=======================================
Coverage 28.38% 28.38%
=======================================
Files 632 632
Lines 43798 43798
=======================================
+ Hits 12431 12433 +2
+ Misses 30462 30461 -1
+ Partials 905 904 -1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
.github/workflows/ci.yml
Outdated
| contents: read # Adjust permissions as necessary | ||
| id-token: write # For OIDC tokens |
There was a problem hiding this comment.
| contents: read # Adjust permissions as necessary | |
| id-token: write # For OIDC tokens | |
| contents: read # for actions/checkout to fetch code | |
| id-token: write # for requesting the JWT |
SkySingh04
force-pushed
the
toplevelpermissionsforCI.yml
branch
2 times, most recently
from
8f693d7
to
f613849
Compare
karmada-bot
removed
the
do-not-merge/invalid-commit-message
|
@zhzhuang-zju I have updated the commits to pass the tests, let me know if i should squash all of them |
Yes, squash all of them would be better |
.github/workflows/ci.yml
Outdated
| @@ -12,6 +12,9 @@ on: | |||
| concurrency: | |||
| group: ${{ github.workflow }}-${{ github.actor }}-${{ github.head_ref || github.run_id }} | |||
| cancel-in-progress: true | |||
| permissions: | |||
| contents: read # for actions/checkout to fetch code | |||
| id-token: write # for requesting the JWT | |||
There was a problem hiding this comment.
refer to #5119 (comment), the write permissions can be declared at the run-level. Also, can you confirm whether write permission is required? The result given by the StepSecurity's online tool is that write permission is not required.
There was a problem hiding this comment.
That would be correct, write permission is not necessary
README.md
Outdated
| @@ -13,6 +13,7 @@ | |||
| [](https://codecov.io/gh/karmada-io/karmada) | |||
| [](https://app.fossa.com/projects/custom%2B28176%2Fgithub.com%2Fkarmada-io%2Fkarmada?ref=badge_shield) | |||
| [](https://artifacthub.io/packages/krew/krew-index/karmada) | |||
| [](https://clomonitor.io/projects/cncf/karmada) | |||
There was a problem hiding this comment.
#5054 has added CLOMonitor badge
karmada-bot
added
the
do-not-merge/contains-merge-commits
|
@zhzhuang-zju Your requested changes have been made |
|
kindly ping @Akash-Singh04 |
Signed-off-by: Akash Singh <akashsingh2210670@gmail.com>
RainbowMango
force-pushed
the
toplevelpermissionsforCI.yml
branch
from
e45eec0
to
165ebdf
Compare
karmada-bot
removed
the
do-not-merge/contains-merge-commits
|
I just helped rebase this PR, please @zhzhuang-zju take a look. |
thanks~ |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: RainbowMango The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
karmada-bot
added
the
approved
What type of PR is this?
/kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes:
Part of #5048
Special notes for your reviewer:
Does this PR introduce a user-facing change?: