Skip to content

Split publish and deploy workflows #4057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Split publish and deploy workflows #4057

wants to merge 2 commits into from

Conversation

dskloetc
Copy link
Contributor

Closes #ISSUE_NUMBER_GOES_HERE

Description

......

Changes

  • High level
  • changes that
  • you made

Steps to Test

  1. Steps
  2. to
  3. test

Quality Assurance

  • If a new adapter was made, or an existing one was modified so that its environment variables have changed, update the relevant infra-k8s configuration file.
  • If a new adapter was made, or an existing one was modified so that its environment variables have changed, update the relevant adapter-secrets configuration file or update the soak testing blacklist.
  • If a new adapter was made, or a new endpoint was added, update the test-payload.json file with relevant requests.
  • The branch naming follows git flow (feature/x, chore/x, release/x, hotfix/x, fix/x) or is created from Jira.
  • This is related to a maximum of one Jira story or GitHub issue.
  • Types are safe (avoid TypeScript/TSLint features like any and disable, instead use more specific types).
  • All code changes have 100% unit and integration test coverage. If testing is not applicable or too difficult to justify doing, the reasoning should be documented explicitly in the PR.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Sep 26, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 4a9ad8a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 26, 2025
View reviewed changes
@dskloetc dskloetc force-pushed the kloet/publish-workflow branch from cd513d3 to fd571a7 Compare September 26, 2025 15:26
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 26, 2025
View reviewed changes
.github/workflows/publish.yml
Comment on lines +118 to +133
name: Clean up ephemeral items
runs-on: ubuntu-latest
needs:
- calculate-changes
- publish-adapter-images
if: always() && needs.calculate-changes.outputs.adapter-list != '[]'
steps:
- name: Check out code
uses: actions/checkout@v4
with:
ref: ${{ needs.calculate-changes.outputs.tmp-branch }}
- name: Delete ephemeral branch
run: |
git push origin --delete ${{ needs.calculate-changes.outputs.tmp-branch }}

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 14 days ago

To fix the problem, add an explicit permissions block under the cleanup job in .github/workflows/publish.yml. This block should specify the minimal required permissions for the steps it performs. Since the job deletes a branch—an operation that requires write access to repository contents—the permissions should be set to contents: write. This change should be added directly under the runs-on and needs listings in the cleanup job (after line 121 and before line 125 for style consistency). No additional imports or dependencies are required.

Suggested changeset 1
.github/workflows/publish.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -119,6 +119,8 @@
   cleanup:
     name: Clean up ephemeral items
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     needs:
       - calculate-changes
       - publish-adapter-images
EOF
@@ -119,6 +119,8 @@
cleanup:
name: Clean up ephemeral items
runs-on: ubuntu-latest
permissions:
contents: write
needs:
- calculate-changes
- publish-adapter-images
Copilot is powered by AI and may make mistakes. Always verify output.
@dskloetc dskloetc force-pushed the kloet/publish-workflow branch from b5cfff0 to 0315644 Compare September 29, 2025 11:09
@dskloetc dskloetc force-pushed the kloet/publish-workflow branch from 56d47e0 to 854e84d Compare September 29, 2025 13:21
@dskloetc dskloetc force-pushed the kloet/publish-workflow branch from 854e84d to 4a9ad8a Compare September 29, 2025 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dskloetc