Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use GITHUB_TOKEN instead of PAT in "Slash Command Dispatch" and "GMT Dev Tests" workflows #2950

Merged
merged 3 commits into from
Jan 4, 2024
Merged

Use GITHUB_TOKEN instead of PAT in "Slash Command Dispatch" and "GMT Dev Tests" workflows #2950

merged 3 commits into from
Jan 4, 2024

Conversation

seisman
Copy link
Member

@seisman seisman commented Jan 3, 2024
edited
Loading

Description of proposed changes

Based on the comments in peter-evans/slash-command-dispatch#147, it's possible to use GITHUB_TOKEN in slash command workflows. This PR removes the step for generating a PAT and uses GITHUB_TOKEN instead, which can simplify our workflows.

Since the slash commands can only run the workflows in the main branch, we can't test the changes without merging the PR.

I've committed the same changes to the main branch in my fork (https://github.com/seisman/pygmt) and tried the slash commands in PR https://github.com/seisman/pygmt/pull/1. Both /test-gmt-dev and /format work (workflow run https://github.com/seisman/pygmt/actions/runs/7393878677 and commit 574e029).

We still need to make sure that the slash commands work for new contributors without written permission and also work for PRs from forks. So, need your help here.

  1. Run /test-gmt-dev and /format in PR https://github.com/seisman/pygmt/pull/1 to see if slash commands works for external contributors
  2. Fork my repository into your own account, make minor changes that fail the style checks, submit a PR to my fork, then run /test-gmt-dev and /format in your PRs.

@seisman seisman changed the title Use GITHUB_TOKEN in slash command workflows HELPUse GITHUB_TOKEN in slash command workflows Jan 3, 2024
@seisman seisman changed the title HELPUse GITHUB_TOKEN in slash command workflows HELP: Use GITHUB_TOKEN in slash command workflows Jan 3, 2024
@seisman seisman requested a review from a team January 3, 2024 13:57
@weiji14
Copy link
Member

weiji14 commented Jan 3, 2024
edited
Loading

  1. Run /test-gmt-dev and /format in PR https://github.com/seisman/pygmt/pull/1 to see if slash commands works for external contributors

Done at https://github.com/seisman/pygmt/pull/1#issuecomment-1876078715. Seems to work seisman@4c0534c?

  1. Fork my repository into your own account, make minor changes that fail the style checks, submit a PR to my fork, then run /test-gmt-dev and /format in your PRs.

Opened at https://github.com/seisman/pygmt/pull/2. The format commands errors with:

remote: Permission to weiji14/pygmt.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/weiji14/pygmt/': The requested URL returned error: 403
Error: Process completed with exit code 128.

@weiji14
Copy link
Member

weiji14 commented Jan 3, 2024
edited
Loading

In the GitHub Actions workflow, you could try setting the content permissions (https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs):

    permissions:
      contents: write  # to git push added/changed files

But I'm not sure if it'll really work. I've tried using GITHUB_TOKEN last September at CryoInTheCloud/hub-image#88 (comment), and getting things to work from forks is still an issue.

@seisman
Copy link
Member Author

seisman commented Jan 4, 2024
edited by weiji14
Loading

In the GitHub Actions workflow, you could try setting the content permissions (https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs):

    permissions:
      contents: write  # to git push added/changed files

But I'm not sure if it'll really work. I've tried using GITHUB_TOKEN last September at CryoInTheCloud/hub-image#88 (comment), and getting things to work from forks is still an issue.

I don't think it will work, because the default permissions are:

GITHUB_TOKEN Permissions
  Actions: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write

Anyway, at least we can remove PAT from .github/workflows/slash-command-dispatch.yml and .github/workflows/ci_tests_dev.yaml.

@seisman seisman changed the title HELP: Use GITHUB_TOKEN in slash command workflows Use GITHUB_TOKEN instead of PAT in "Slash Command Dispatch" and "GMT Dev Tests" workflows Jan 4, 2024
@seisman seisman marked this pull request as ready for review January 4, 2024 01:44
@seisman seisman added the maintenance Boring but important stuff for the core devs label Jan 4, 2024
@seisman seisman added this to the 0.11.0 milestone Jan 4, 2024
@seisman seisman added the needs review This PR has higher priority and needs review. label Jan 4, 2024
@seisman seisman merged commit 03f66b5 into main Jan 4, 2024
16 of 23 checks passed
@seisman seisman deleted the slash-command-token branch January 4, 2024 01:58
@seisman seisman removed the needs review This PR has higher priority and needs review. label Jan 4, 2024
@seisman seisman mentioned this pull request Jan 4, 2024
Merged
16 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weiji14 weiji14 weiji14 approved these changes

Assignees
No one assigned
Labels
maintenance Boring but important stuff for the core devs
Projects
None yet
Milestone
0.11.0
Development

Successfully merging this pull request may close these issues.
2 participants
@seisman @weiji14