From: Johannes Schindelin <johannes.schindelin@xxxxxx>
As part of some recent security tightening, GitHub introduced the
ability to configure GitHub workflows to be run with a read-only token.
This is much more secure, in particular when working in a public
repository: While the regular read/write token might be restricted to
writing to the current branch, it is not necessarily restricted to
access only the current Pull Request.
However, the `check-whitespace` workflow threw a wrench into this plan:
it _requires_ write access (because it wants to add a PR comment in case
of a whitespace issue).
Let's just skip that PR comment. The user can always click through to
the actual error, even if it is slightly less convenient.
Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx>
---
.github/workflows/check-whitespace.yml | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/.github/workflows/check-whitespace.yml b/.github/workflows/check-whitespace.yml
index f1483059c76..c53614d6033 100644
--- a/.github/workflows/check-whitespace.yml
+++ b/.github/workflows/check-whitespace.yml
@@ -51,21 +51,5 @@ jobs:
if test -n "${log}"
then
- echo "::set-output name=checkout::"${log}""
exit 2
fi
-
- - name: Add Check Output as Comment
- uses: actions/github-script@v3
- id: add-comment
- env:
- log: ${{ steps.check_out.outputs.checkout }}
- with:
- script: |
- await github.issues.createComment({
- issue_number: context.issue.number,
- owner: context.repo.owner,
- repo: context.repo.repo,
- body: `Whitespace errors found in workflow ${{ github.workflow }}:\n\n\`\`\`\n${process.env.log.replace(/\\n/g, "\n")}\n\`\`\``
- })
- if: ${{ failure() }}
--
gitgitgadget
