Fix simplecov action read-only permission issue

Question

Fix simplecov action read-only permission issue

RajeshPaul38 opened this issue 3 years ago · 4 comments

As of now simplecov action is failing for any pull request being raised from a forked repository. So we need to add a github token to resolve the permission issue.

Answer 1 · 2021-10-05T07:29:39.000Z

The resolution to this issue is that, PR needs to be raised from the repository itself. Otherwise we need to do so many settings which might not even be secure i.e. giving write access to repo for actions on PRs even from forked repositories. So the most frugal solution is to use chef/supermarket repository itself.

Answer 2 · 2021-10-05T07:29:56.000Z

Before simplecov github action integration we didn't need any github action to have write permission which is needed by simplecov. There are many other actions that need write access. So we need to balance between security and flexibility going forward.

Answer 3 · 2021-10-05T07:30:43.000Z

Sharing a few links which might come handy when resolving it for good:

https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks

https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions

Answer 4 · 2022-01-18T13:50:08.000Z

This couldn't be fixed. Closing for now and we have disabled the simplecov action.