ci(check-whitespace): stop requiring a read/write token
As part of some recent security tightening, GitHub introduced the ability to configure GitHub workflows to be run with a read-only token. This is much more secure, in particular when working in a public repository: While the regular read/write token might be restricted to writing to the current branch, it is not necessarily restricted to access only the current Pull Request. However, the `check-whitespace` workflow threw a wrench into this plan: it _requires_ write access (because it wants to add a PR comment in case of a whitespace issue). Let's just skip that PR comment. The user can always click through to the actual error, even if it is slightly less convenient. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
ebf3c04b26
commit
cc00362125
16
.github/workflows/check-whitespace.yml
vendored
16
.github/workflows/check-whitespace.yml
vendored
@ -51,21 +51,5 @@ jobs:
|
||||
|
||||
if test -n "${log}"
|
||||
then
|
||||
echo "::set-output name=checkout::"${log}""
|
||||
exit 2
|
||||
fi
|
||||
|
||||
- name: Add Check Output as Comment
|
||||
uses: actions/github-script@v3
|
||||
id: add-comment
|
||||
env:
|
||||
log: ${{ steps.check_out.outputs.checkout }}
|
||||
with:
|
||||
script: |
|
||||
await github.issues.createComment({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
body: `Whitespace errors found in workflow ${{ github.workflow }}:\n\n\`\`\`\n${process.env.log.replace(/\\n/g, "\n")}\n\`\`\``
|
||||
})
|
||||
if: ${{ failure() }}
|
||||
|
Loading…
Reference in New Issue
Block a user