Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update CI with explicit permissions for publishing images #3165

Closed
gmulhearn opened this issue Aug 15, 2024 · 2 comments · Fixed by #3167
Closed

Update CI with explicit permissions for publishing images #3165

gmulhearn opened this issue Aug 15, 2024 · 2 comments · Fixed by #3167
Assignees
@jamshale

Comments

@gmulhearn
Copy link
Contributor

Hi, after encountering a recent issue in VCX's CI with image publishing permissions, i checked acapy as well..

I believe something changed in the hyperledger organisation settings last week where the GITHUB_TOKEN default permissions dropped to read-only. As a result, our image-publishing jobs started getting denied..

e.g. it looks like nightly publishes of acapy have failed or skipped for the past week or so: https://github.com/hyperledger/aries-cloudagent-python/actions/workflows/nigthly.yml

last successful run: https://github.com/hyperledger/aries-cloudagent-python/actions/runs/10275685048
image

runs now: https://github.com/hyperledger/aries-cloudagent-python/actions/runs/10396422027/job/28790543901
image

(compare the github_token permissions)

For VCX, the fix appeared to be adding explicit permissions to the affected jobs:

    permissions:
      contents: read
      packages: write

Related fix in VCX: hyperledger/aries-vcx#1283
@swcurran
Copy link
Contributor

Thanks — this was top of the agenda today. @jamshale could you take a look?

I had a similar (but perhaps unrelated) experience with another repo that required adding this.

@jamshale
Copy link
Contributor

That sounds like the same issue. I had thought the token might have expired, but this would make sense.

@jamshale jamshale self-assigned this Aug 15, 2024
@jamshale jamshale linked a pull request Aug 15, 2024 that will close this issue
Add explicit write permission to publish workflow #3167
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jamshale jamshale

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add explicit write permission to publish workflow jamshale/acapy
3 participants
@swcurran @jamshale @gmulhearn