Set explicit Docker permissions #997
Conversation
charliermarsh
force-pushed
the
charlie/perm
branch
from
5f3c554
to
4263690
Compare
charliermarsh
had a problem deploying
to
release
GitHub Actions
Failure
charliermarsh
had a problem deploying
to
release
GitHub Actions
Failure
| # For: `permissions: packages: write`. | ||
| allow-dirty = ["ci"] |
There was a problem hiding this comment.
Do they not support this? Do we lose all the safety guarantees of release won't run if the generated workflow is modified?
There was a problem hiding this comment.
No, yes. Please bear with me, there was a lot of discussion about this in the Axo Discord, I am trying to understand GitHub's permission model. We should not be publishing from a build step (we should be publishing from a publish step), but GitHub doesn't seem to allow us to build a multi-platform image and publish it in a separate step. I spent time trying to figure it out earlier this week.
There was a problem hiding this comment.
(To be clear, I'm testing off this branch, so I'm hoping I won't have to merge this. If I do, it will be temporary as I'll ask Axo team for help.)
charliermarsh
force-pushed
the
charlie/perm
branch
2 times, most recently
from
fad87ba
to
049c9c6
Compare
charliermarsh
force-pushed
the
charlie/perm
branch
3 times, most recently
from
3c83e3a
to
55d65df
Compare
charliermarsh
had a problem deploying
to
release
GitHub Actions
Failure
charliermarsh
force-pushed
the
charlie/perm
branch
from
55d65df
to
2fb9bcd
Compare
charliermarsh
force-pushed
the
charlie/perm
branch
from
2fb9bcd
to
74d1c70
Compare
|
Okay, merging this for now while I work with the Axo team to remove it. |
No description provided.