Improve backport job permissions #10390
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cdce8p
added
Maintenance
|
🤖 According to the primer, this change has no effect on the checked open source code. 🤖🎉 This comment was generated for commit b83ec7d |
|
Sounds good to me ! Not having to close/open the backport MR would be nice (it's not voluntary afair). |
Pierre-Sassoulas
approved these changes
May 18, 2025
|
👍🏻 PAT and environment are setup now. Let's backport this PR to test if everything works. |
cdce8p
added a commit
that referenced
this pull request
May 18, 2025
(cherry picked from commit 222ab20)
|
Looks good! See #10391 for the backport PR. |
Pierre-Sassoulas
pushed a commit
that referenced
this pull request
May 18, 2025
Pierre-Sassoulas
added a commit
that referenced
this pull request
Aug 9, 2025
…10487) * [ci] Install pylint before every test (#10388) (#10389) Co-authored-by: Marc Mueller <[email protected]> * Improve backport job permissions (#10390) (#10391) (cherry picked from commit 222ab20) * Resolve `possibly-used-before-assignment` false positives from `match` block assignments (#10393) (cherry picked from commit ad14b5b) * Use custom Github App to authenticate backport job (#10394) (#10396) (cherry picked from commit 6be8676) Co-authored-by: Marc Mueller <[email protected]> * Fix Pyreverse: Aggregations aren't filtered according to filter mode (PUB_ONLY, etc.) (#10379) (#10401) * updated diagrams.py file * added tests * updated tests * added test cases * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- (cherry picked from commit ed59632) Co-authored-by: pavan-msys <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * Fix Mermaid printer rendering double underscores as bold formatting (#10403) (#10410) (cherry picked from commit 25a0f9e) Co-authored-by: Julian Grimm <[email protected]> Co-authored-by: Pierre Sassoulas <[email protected]> * Respect docstring-min-length in docparams extension (#10104) (#10434) (cherry picked from commit 7f5e996) Co-authored-by: Berker ŞAL <[email protected]> * Fix `unused-variable` false positive when using same name for multiple exceptions (#10436) (#10481) (cherry picked from commit 9e72867) Co-authored-by: Zen Lee <[email protected]> * Fix false-negative for used-before-assignment with postponed evaluation in function defs (#10482) (#10483) (cherry picked from commit d363fca) Co-authored-by: Marc Mueller <[email protected]> * Update pytest-benchmark requirement from ~=4.0 to ~=5.1 (#10066) (#10484) (cherry picked from commit f04761b) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pylint to 3.3.8, update changelog (#10486) --------- Co-authored-by: Marc Mueller <[email protected]> Co-authored-by: Jacob Walls <[email protected]> Co-authored-by: pylint-backport-bot[bot] <212256041+pylint-backport-bot[bot]@users.noreply.github.com> Co-authored-by: pavan-msys <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Julian Grimm <[email protected]> Co-authored-by: Berker ŞAL <[email protected]> Co-authored-by: Zen Lee <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Pierre-Sassoulas
temporarily deployed
to
Backport
GitHub Actions
Inactive
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Followup to #10269
Noticed recently with #10388 that the backport to
.github/workflowsfiles still fails with the same error. After investigation and testing on my fork I found a solution that would work. For the backport to work we need theworkflowspermission. However that one isn't available for CI workflows. Instead we'd need to create a personal access token with the following permissions:contents: write-> push new branches to Githubpull-requests: write-> create PR or add comment for manual backportworkflows: write-> modify files in .github/workflowsThe
actions: writepermission I added in #10388 isn't necessary after all.A side effect would be that we won't need to close / reopen PRs anymore before the workflow would run. By scoping the secret to an environment, we would also be able to enforce additional checks (like requiring sign-off) if we want to.
Is this something we want to do? If so, I can setup the PAT and environment.