feat: worklow: add permissions field
#2312
Conversation
The `permissions` field can either be a top level key, or a per-job one. It supports a map of scope<>permission relations. For example, to allow the jobs to write to the the packages registry, the following must be set: ```yaml permissions: packages: write ``` this fixes that. Right now, this field is not used/useful when running the actions locally, but can be used to handle permissions on forges that implement the same action format, such as Forgejo/Gitea. Signed-off-by: Frank Villaro-Dixon <[email protected]>
|
Notice: |
|
Good catch, indeed! What do you propose? Would having something like: type Permission interface {}
...
Permissions Permission `yaml:"permissions"`be better? Thanks! |
|
I usually use yaml.Node as the type, since this allows to call decode to both string and map However I'm not shure how the rest of the code is it doing here... |
|
Also check the gitea/act repo, and you will see this struct is duplicated there into another package on their standalone workflow parser |
There was a problem hiding this comment.
Like a months ago, I can't agree merging this as long it breaks parsing working workflows that can be used today without adding a meaningful feature to act.
Implementing the following for the permission map can also map read-all, write-all
https://github.com/go-yaml/yaml/blob/v3.0.1/yaml.go#L36
e.g. node.Decode(self) and if it returns an error try to match for string constants or return an error
|
Oh we are still using yaml v2, where it is a different unmarshallyaml interface. Maybe I should consider to upgrade the whole repo to v3 edit hmm all weird v3 had v2 backcompat for that interface, we are v3 already |
The
permissionsfield can either be a top level key, or a per-job one. It supports a map of scope<>permission relations.For example, to allow the jobs to write to the the packages registry, the following must be set:
this fixes that.
Right now, this field is not used/useful when running the actions locally, but can be used to handle permissions on forges that implement the same action format, such as Forgejo/Gitea.