Trivial change, test PR #347
Conversation
|
@gdalle I am having some permission issue in the Graphs.jl repo. The same workflow works for my fork Trivial change, test PR · filchristou/Graphs.jl@f0c892d · GitHub but doesn't in JuliaGraphs Trivial change, test PR · JuliaGraphs/Graphs.jl@f0c892d · GitHub. If you go to the "Set up job" -> "GITHUB_TOKEN Permissions" I get "write" in my fork and "read" in JuliaGraphs Did you specifically modify something because from what i read around the default permissions for public PR should be read/write https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token. The specific error I get is "GraphQL: Resource not accessible by integration (addComment)" and there is some discussion here git - "Resource not accessible by integration" on github post /repos/{owner}/{repo}/actions/runners/registration-token API - Stack Overflow |
|
It's weird cause the actions indeed have read/write permissions in Graphs.jl as well as the organization in general. It's not the most secure setting but it should work |
|
I think this is the answer: cli/cli#8374 (comment)
It happens cause you're on a fork |
|
The issue is that you're doing it from a fork, and so the comment posting will never work. In this case the best we can do is use the option from BenchmarkCI to print the benchmarking results inside the workflow log, in addition to the PR comment (which will only work from branches, i.e. for PRs made by maintainers). |
filchristou
added
the
to-benchmark
|
it seems the workflow didn't even run on those latest commits |
filchristou
added
to-benchmark
|
yeah. sorry for the noise. I will be playing around for a while. I am not satisfied with the logging public PR benchmarks in the workflow so I am investigating other possibilities. Let me know if you have any ideas. |
filchristou
added
to-benchmark
filchristou
added
to-benchmark
filchristou
added
to-benchmark
Might be worth a shot? |
filchristou
removed
the
to-benchmark
filchristou
added
the
to-benchmark
|
probably it is worth a chance. Now I am considering a chain of workflows as described here: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run |
|
why so complicated? I think |
|
I don't get what's the practical difference between
Which is exactly what benchmarking does. |
|
I have asked on slack: https://julialang.slack.com/archives/C681P8ABG/p1709137580258319 |
filchristou
added
to-benchmark
|
On second thought I agree with you this is a bad security practice, let's not use https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ |
|
@gdalle Okey. it seems that the
So either I need to start experimenting with the master or changing the default for a little while. What do you prefer ? Good thing is that all these changes do not interacting with user code. |
|
Let's discuss it tonight at the community call if you can attend? |
|
okey. yes I will join |
* First try on benchmark CI (#315) (WIP) TODO: store results and PR label triggering * Test consecutive PR (#346) Merge all new advancements on the `benchx` branch in order to do a follow up consecutive PR to test github actions * Trivial change, test PR (#347) * Trivial change, test PR * Add PR write permission * Test full permissions * Granular permissions * try write-all * try label event * labeled in pull_request * Store results as artifact and trigger a consecutive workflow_run * Workflow chain almost complete (WIP) * correct .benchmarkci path * Add benchx support branch * Just try pull_request_target instead * Remove target * Get rid of s to get the chain going --------- Co-authored-by: Guillaume Dalle <[email protected]> * Simplify for master merge * Fixed formatting * Integrate review comments --------- Co-authored-by: Guillaume Dalle <[email protected]>
No description provided.