From 3eaa9efd77ef9e89087e360fa05ee9c1cb1893c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= Date: Sun, 7 Jul 2024 08:55:51 +0200 Subject: [PATCH 1/3] fix: adds permission to token. --- .github/workflows/release.yaml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8172885..4f823f8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,4 +1,4 @@ -name: CI +name: Release on: pull_request: @@ -8,20 +8,17 @@ on: - ".github/workflows/release.yaml" workflow_dispatch: - inputs: - branch: - description: 'Branch to run the workflow on' - required: true - default: 'main' jobs: build-and-release: runs-on: ubuntu-latest + permissions: + packages: write steps: - name: Checkout uses: actions/checkout@v4 with: - ref: ${{ github.event.inputs.branch }} + ref: ${{ github.ref }} - name: Setup Go uses: actions/setup-go@v4 @@ -51,12 +48,12 @@ jobs: context: extauthz platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} - tags: openfga/openfga-envoy:${{ github.event.inputs.branch || 'dev' }} + tags: openfga/openfga-envoy:${{ github.ref || 'dev' }} - name: Write summary if: ${{ github.event_name != 'pull_request' }} run: | echo "The image is available:" >> $GITHUB_STEP_SUMMARY echo "```" >> $GITHUB_STEP_SUMMARY - echo "docker pull ghcr.io/openfga/openfga-envoy:${{ github.event.inputs.branch }}@${{ steps.push.outputs.digest }}" >> $GITHUB_STEP_SUMMARY + echo "docker pull ghcr.io/openfga/openfga-envoy:${{ github.ref }}@${{ steps.push.outputs.digest }}" >> $GITHUB_STEP_SUMMARY echo "```" >> $GITHUB_STEP_SUMMARY From ca28a640e9c5c197e3a338458e4faf06fc276207 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= Date: Sun, 7 Jul 2024 09:02:47 +0200 Subject: [PATCH 2/3] fix: checkout on PR. --- .github/workflows/release.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4f823f8..c767add 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -16,10 +16,24 @@ jobs: packages: write steps: - name: Checkout + if: ${{ github.event_name == 'pull_request' }} + uses: actions/checkout@v4 + + - name: Checkout + if: ${{ github.event_name != 'pull_request' }} uses: actions/checkout@v4 with: ref: ${{ github.ref }} + - name: Generate tag + id: tag + run: | + if [ "${{ github.event_name }}" == "pull_request" ]; then + echo "value=dev" >> $GITHUB_OUTPUT + else + echo "value=${{ github.ref }}" >> $GITHUB_OUTPUT + fi + - name: Setup Go uses: actions/setup-go@v4 with: @@ -48,12 +62,12 @@ jobs: context: extauthz platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} - tags: openfga/openfga-envoy:${{ github.ref || 'dev' }} + tags: openfga/openfga-envoy:${{ steps.tag.outputs.value }} - name: Write summary if: ${{ github.event_name != 'pull_request' }} run: | echo "The image is available:" >> $GITHUB_STEP_SUMMARY echo "```" >> $GITHUB_STEP_SUMMARY - echo "docker pull ghcr.io/openfga/openfga-envoy:${{ github.ref }}@${{ steps.push.outputs.digest }}" >> $GITHUB_STEP_SUMMARY + echo "docker pull ghcr.io/openfga/openfga-envoy:${{ steps.tag.outputs.value }}@${{ steps.push.outputs.digest }}" >> $GITHUB_STEP_SUMMARY echo "```" >> $GITHUB_STEP_SUMMARY From 67254598a9b767e56ee73782516f7280c6178985 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= Date: Sun, 7 Jul 2024 09:05:33 +0200 Subject: [PATCH 3/3] fix: missing read scope. --- .github/workflows/release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c767add..29bb006 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,6 +14,7 @@ jobs: runs-on: ubuntu-latest permissions: packages: write + contents: read steps: - name: Checkout if: ${{ github.event_name == 'pull_request' }}