Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub Setting Disabled by Enterprise #1393

Closed
rowanc1 opened this issue Jul 15, 2024 · 2 comments
Closed

GitHub Setting Disabled by Enterprise #1393

rowanc1 opened this issue Jul 15, 2024 · 2 comments
Labels
blocked Waiting for another task to be compled bug Something isn't working help wanted Extra attention is needed

Comments

@rowanc1
Copy link
Collaborator

rowanc1 commented Jul 15, 2024
edited
Loading

Right now the GitHub token in actions does not allow for write access back to the repository, this is required by our CI and deploy system. It is disabled by Jupyter's GitHub Enterprise.

image

@choldgraf where should we be asking for help on this sort of stuff? Perhaps @jasongrout is in charge of this, or do we need to open an issue in Jupyter Governance?

We currently can not release a new version on CI.

See jupyter/governance#221
@rowanc1 rowanc1 added bug Something isn't working help wanted Extra attention is needed blocked Waiting for another task to be compled labels Jul 15, 2024
@choldgraf
Copy link
Collaborator

choldgraf commented Jul 16, 2024
edited
Loading

Two quick thoughts:

Could we work around this?

I think that we might be able to work around this by setting the permissions manually in the GitHub Actions configuration for each repository. If I understand it correctly, the screenshot suggests that we can't set the default permissions to write, but I think we can still set the permissions manually in our github actions config.

Here are the GitHub Actions docs on this

And this reminded me of a similar conversation we've had over in JupyterHub. Here's a search showing how the jupyterhub team manually sets permissions throughout several repos.

I think that if we followed a similar pattern and used write for the proper configuration, each repository should have the permissions needed to write:

permissions:
  actions: read|write|none
  attestations: read|write|none
  checks: read|write|none
  contents: read|write|none
  deployments: read|write|none
  id-token: read|write|none
  issues: read|write|none
  discussions: read|write|none
  packages: read|write|none
  pages: read|write|none
  pull-requests: read|write|none
  repository-projects: read|write|none
  security-events: read|write|none
  statuses: read|write|none

I've e-mailed the executive council

I sent an e-mail to the Jupyter executive council asking about this either way. Will report back when they respond if the above steps haven't resolved this issue for us.

@rowanc1
Copy link
Collaborator Author

rowanc1 commented Jul 16, 2024

Thanks @choldgraf, I did totally read that dropdown wrong and gave up early. Not being able to enable "workflows have read and write permissions", rather than reading it as "default permissions" that can be overridden. This is fixed by adding the following to the changeset workflow yaml:

permissions:
  contents: write
  pull-requests: write

I will respond on the email letting the EC that we figured it out. Sorry for the noise @jasongrout. :)

I will update this on our other repositories now.

@rowanc1 rowanc1 closed this as completed Jul 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocked Waiting for another task to be compled bug Something isn't working help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rowanc1 @choldgraf