Skip to content

chore: remove global allowlist file in Librarian config #13191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jskeet merged 1 commit into from
Oct 21, 2025
Merged

chore: remove global allowlist file in Librarian config #13191

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 9 additions & 3 deletions .librarian/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,15 @@
# despite several subdirectories being tools which don't need
# to be releasesd as such; those are listed as released exclusion
# paths in state.yaml.
global_files_allowlist:
- path: "CHANGES.md"
permissions: "read-write"

# This is temporarily commented out as we only create CHANGES.md
# in the output directory when releasing the root module - but
# librarian expects it to be present for all releases. See
# https://github.com/googleapis/librarian/issues/2627 for more
# details and discussion.
# global_files_allowlist:
# - path: "CHANGES.md"
# permissions: "read-write"
Comment on lines +16 to +18
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Oct 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

Commenting out the global_files_allowlist without a clear plan for re-enabling it or a more robust solution poses a critical risk. This could lead to unintended consequences in the release process, such as allowing files that should be restricted. Ensure there's a well-defined strategy for addressing this issue and preventing potential security or operational problems. Consider adding a temporary solution instead of commenting out the whole section.

For example, you could add a condition that checks if the current module is the root module, and only then apply the allowlist.

# global_files_allowlist:
#  - path: "CHANGES.md"
#    permissions: "read-write"
# The following block is a temporary workaround to allow non-root modules to be released
# while librarian expects CHANGES.md to be present for all releases. See
# https://github.com/googleapis/librarian/issues/2627 for details.
# if module_is_root:
#   global_files_allowlist:
#     - path: "CHANGES.md"
#       permissions: "read-write"


# All libraries with handwritten code (core, hybrid and handwritten)
# libraries have "release_blocked: true" so that releases are
Expand Down