
[1/2] ci(check-whitespace): stop requiring a read/write token

Message ID b54c137cb14527c14bd7c990f9cf32dca50ba5dc.1626300577.git.gitgitgadget@gmail.com (mailing list archive)
State Accepted
Commit cc00362125c7726551d2b6bda85e1a4b17d0bc81
Series check-whitespace: two fixes

Commit Message

Johannes Schindelin July 14, 2021, 10:09 p.m. UTC
From: Johannes Schindelin <johannes.schindelin@gmx.de>

As part of some recent security tightening, GitHub introduced the
ability to configure GitHub workflows to be run with a read-only token.
This is much more secure, in particular when working in a public
repository: While the regular read/write token might be restricted to
writing to the current branch, it is not necessarily restricted to
access only the current Pull Request.

However, the `check-whitespace` workflow threw a wrench into this plan:
it _requires_ write access (because it wants to add a PR comment in case
of a whitespace issue).

Let's just skip that PR comment. The user can always click through to
the actual error, even if it is slightly less convenient.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 .github/workflows/check-whitespace.yml | 16 ----------------
 1 file changed, 16 deletions(-)

Comments

Junio C Hamano July 14, 2021, 10:20 p.m. UTC | #1
"Johannes Schindelin via GitGitGadget" <gitgitgadget@gmail.com>
writes:

> However, the `check-whitespace` workflow threw a wrench into this plan:
> it _requires_ write access (because it wants to add a PR comment in case
> of a whitespace issue).

OK.

Patch

diff --git a/.github/workflows/check-whitespace.yml b/.github/workflows/check-whitespace.yml
index f1483059c76..c53614d6033 100644
--- a/.github/workflows/check-whitespace.yml
+++ b/.github/workflows/check-whitespace.yml
@@ -51,21 +51,5 @@  jobs:
 
         if test -n "${log}"
         then
-          echo "::set-output name=checkout::"${log}""
           exit 2
         fi
-
-    - name: Add Check Output as Comment
-      uses: actions/github-script@v3
-      id: add-comment
-      env:
-        log: ${{ steps.check_out.outputs.checkout }}
-      with:
-        script: |
-            await github.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: `Whitespace errors found in workflow ${{ github.workflow }}:\n\n\`\`\`\n${process.env.log.replace(/\\n/g, "\n")}\n\`\`\``
-            })
-      if: ${{ failure() }}
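
Review bot: In the `if test -n "${log}"` branch, once the `::set-output` line is deleted, nothing in the visible lines writes `${log}` anywhere before `exit 2`, and with the "Add Check Output as Comment" step gone the job log is the only place a contributor can find the whitespace errors. If the earlier part of this step does not already print the collected output, print `${log}` just ahead of `exit 2` so that clicking through to the failed run shows the actual findings. Separately, the change consists only of deletions, so the workflow file itself still does not state that a read-only token is sufficient; a `permissions:` block with `contents: read` would document that and keep the job read-only even in repositories whose default token is read/write.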