Skip to content

Fix GHCR Permissions of GHA Runners#28

Merged
gvegayon merged 7 commits intoEpiForeSITE:mainfrom
olivia-banks:ob-resolve-ghcr-perms
Mar 31, 2026
Merged

Fix GHCR Permissions of GHA Runners#28
gvegayon merged 7 commits intoEpiForeSITE:mainfrom
olivia-banks:ob-resolve-ghcr-perms

Conversation

@olivia-banks
Copy link
Copy Markdown
Member

@olivia-banks olivia-banks commented Mar 31, 2026

See title, resolves some comments I forgot about in #20. Very basic PR.

@olivia-banks olivia-banks added this to the MVP milestone Mar 31, 2026
Copilot AI review requested due to automatic review settings March 31, 2026 20:17
@olivia-banks olivia-banks added the bug Something isn't working label Mar 31, 2026
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates GitHub Actions workflow permissions to ensure GHA runners can pull images from GHCR with least-privilege access, and adjusts the Copilot workflow’s dependency/tool setup.

Changes:

  • Add explicit workflow-level permissions (contents: read, packages: read) to PR and Copilot workflows.
  • Expand Copilot workflow setup to install dev-group deps and common CLI tools.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
.github/workflows/on_pr.yml Adds explicit read permissions needed to pull GHCR images during PR test runs.
.github/workflows/copilot.yml Adds explicit read permissions and extends setup steps for a richer dev environment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@gvegayon
Copy link
Copy Markdown
Member

gvegayon commented Mar 31, 2026

@olivia-banks, I'm not following copilot's review entirely. Ping me when you are ready

@olivia-banks olivia-banks requested a review from Copilot March 31, 2026 20:32
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@olivia-banks olivia-banks requested a review from Copilot March 31, 2026 20:41
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@olivia-banks olivia-banks requested a review from Copilot March 31, 2026 20:46
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@olivia-banks
Copy link
Copy Markdown
Member Author

olivia-banks commented Mar 31, 2026

FYI, this action will never pass on this PR because publishing to the container registry only happens on merge into main.

Ping @gvegayon

@gvegayon gvegayon self-requested a review March 31, 2026 22:42
gvegayon
gvegayon approved these changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@gvegayon gvegayon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI, this action will never pass on this PR because publishing to the container registry only happens on merge into main.

Ping @gvegayon

Alright, but we need to address that later (not today). We can add a conditional if for pushing the container only if running on the default branch. Approving for now!

@gvegayon gvegayon merged commit a8f9d60 into EpiForeSITE:main Mar 31, 2026
4 of 5 checks passed
@gvegayon gvegayon mentioned this pull request Mar 31, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@gvegayon gvegayon gvegayon approved these changes

Assignees

@gvegayon gvegayon

@olivia-banks olivia-banks

@EddW1219 EddW1219

Labels

bug Something isn't working

Projects

None yet

Milestone

MVP

Development

Successfully merging this pull request may close these issues.

4 participants

@olivia-banks @gvegayon @EddW1219