github-action: run GitHub tag/release events #236
Conversation
v1v
changed the title
|
|
||
| permissions: | ||
| contents: write | ||
| contents: read |
There was a problem hiding this comment.
The GH API to create a release (https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release) says it needs:
The token must have at least one of the following permission sets:
contents:write contents:write and workflows:write
I guess this is bypassing using the GH token for this job and instead is using the CREATE_TAG_TOKEN secret that is manually maintained for this repo?
There was a problem hiding this comment.
is using the CREATE_TAG_TOKEN secret that is manually maintained for this repo?
Correct. Unfortunately, we cannot use the ephemeral GH token if GitHub events are required.
In this particular the GitHub event is needed, to be able to run the release.yml workflow.
GitHub does not support GitHub events when the actor is the GitHub bot, a way to prevent recursivity
There was a problem hiding this comment.
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run
What
Use service machine to support GitHub events,
github-botdoes not support GitHub events when creating Tags, PRs or Issues, therefore GitHuba actions will not run if they are caused by the above-mentioned user.In addition, I enabled what @trentm mentioned in #228 (comment)