release: fix federated auth #669

dscho · 2024-07-02T11:32:55Z

One "funny" quirk of GitHub Actions is that some of their YAML constructs that users assume to be cumulative, are not. One example is the permissions block: Most readers will assume that the following YAML will combine contents and id-token permissions:

permissions:
  id-token: write

jobs:
  my-job:
    permissions:
      contents: write

However, that is not the case! The inner permissions block completely negates the outer permissions block. This can be seen in all its glory here. With this commit, the bug is fixed.

One "funny" quirk of GitHub Actions is that some of their YAML constructs that users _assume_ to be cumulative, are not. One example is the `permissions` block: Most readers will assume that the following YAML will combine `contents` and `id-token` permissions: permissions: id-token: write jobs: my-job: permissions: contents: write However, that is not the case! The inner `permissions` block completely negates the outer `permissions` block. So let's just repeat ourselves to force GitHub Actions to understand which permissions we need. Signed-off-by: Johannes Schindelin <[email protected]>

dscho requested a review from mjcheetham July 2, 2024 11:32

dscho self-assigned this Jul 2, 2024

derrickstolee approved these changes Jul 2, 2024

View reviewed changes

dscho merged commit 3dfd9ac into vfs-2.45.2 Jul 4, 2024
114 checks passed

dscho deleted the fix-azure-login branch July 4, 2024 11:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release: fix federated auth #669

release: fix federated auth #669

dscho commented Jul 2, 2024

release: fix federated auth #669

release: fix federated auth #669

Conversation

dscho commented Jul 2, 2024