@dkotter dkotter commented Jul 14, 2025

Description of the Change

After the last release (2.8.4), an error occurred when our GitHub Action tried to attach the final release asset to the release (see https://github.com/10up/simple-local-avatars/actions/runs/16271766801). This is due to permission changes we made in #337. This PR updates the permissions there to ensure this works properly.

How to test the Change

Nothing really to test here

Changelog Entry

Developer - Ensure our final release asset gets attached properly to the release

Credits

Props @dkotter

Checklist:

@dkotter dkotter added this to the 2.9.0 milestone Jul 14, 2025
@dkotter dkotter self-assigned this Jul 14, 2025
@dkotter dkotter requested a review from jeffpaul as a code owner July 14, 2025 16:03
@github-actions github-actions bot added the needs:code-review This requires code review. label Jul 14, 2025
permissions:
contents: read
contents: write
packages: read
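
Review bot: `contents: write` under this `permissions:` block applies to every step the block covers, not only the one that attaches the release asset, so if the block sits at workflow level it would be tighter to declare it on the release job alone and leave everything else at `contents: read`. The +/- markers did not survive in this view; this reads `contents: read` as the removed line and `contents: write` as the added one, which matches the description. A one-line comment beside `contents: write` saying it is needed for the release asset upload would help a later least-privilege pass avoid reverting it, since the description traces the failed upload to the permission changes in #337.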
Member

Does this also need to be updated to write as done in #345 (and currently underway updating across other plugin repos)?

Collaborator Author

So I know we have this set to write in some of our other repos but I don't think it needs to be, though I guess I don't know that for sure and hard to test until we do an actual release. Happy to update that just to be safe if we want

Member

Maybe better to start with just this change and then can add the packages: write update later if the run fails again?

Member

I'm going to go ahead and update all the other PRs I opened to remove the packages: write change and merge those in so we get everything to the same contents:write/packages:read state and can iterate everything together in the future if needed.

Member

Though I guess also worth clarifying here before I march off and make broad changes, is the id-token: write bit here something we should replicate across the other deploy actions?

Collaborator Author

Looked at a few other plugins that have had successful releases (including attaching a release asset) since adding custom permissions. The three I looked at (Safe SVG, Convert to Blocks, and Autoshare for Twitter) all have contents: write and packages: write but none of them have id-token: write, so I don't think we need that

@github-project-automation github-project-automation bot moved this from Code Review to QA Testing in Open Source Practice Aug 11, 2025
@dkotter dkotter merged commit c5927fa into develop Aug 11, 2025
14 checks passed
@dkotter dkotter deleted the fix/release-github-permissions branch August 11, 2025 20:34
@github-project-automation github-project-automation bot moved this from QA Testing to Done in Open Source Practice Aug 11, 2025