codeql: Fix GitHub Action permissions #17376

Merged
merged 1 commit into from Sep 15, 2021

@twpayne twpayne commented Sep 13, 2021

CodeQL needs permission to write security events.

See https://github.com/github/codeql-action#usage, for example.

We recently started getting the message

  request: {
    method: 'PUT',
    url: 'https://api.github.com/repos/cilium/cilium/code-scanning/analysis/status',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'CodeQL Action octokit-core.js/3.1.2 Node.js/12.13.1 (linux; x64)',
      authorization: 'token [REDACTED]',
      'content-type': 'application/json; charset=utf-8'
    },
    body: '{"workflow_run_id":1221776932,"workflow_name":"codeql","job_name":"analyze","analysis_key":".github/workflows/lint-codeql.yaml:analyze","commit_oid":"d82ac6f54c0118088cc46d8d892ff5e87cf5d09e","ref":"refs/heads/master","action_name":"init","action_ref":"b7dd4a6f2c343e29a9ab8e181b2f540816f28bd7","action_oid":"unknown","started_at":"2021-09-10T15:35:29.029Z","action_started_at":"2021-09-10T15:35:29.029Z","status":"starting","cause":"MismatchedBranches","matrix_vars":"null"}',
    request: { agent: [Agent], hook: [Function: bound bound register] }
  },
  documentation_url: 'https://docs.github.com/rest'
}
Error: Resource not accessible by integration

when CodeQL runs on CI.

From reading github/codeql-action#464,
permission to write security events is needed.

Signed-off-by: Tom Payne <tom@isovalent.com>
@twpayne twpayne added area/CI Continuous Integration testing issue or flake release-note/misc This PR makes changes that have no direct user impact. labels Sep 13, 2021
@twpayne twpayne requested a review from aanm September 13, 2021 11:09
@twpayne twpayne marked this pull request as ready for review September 13, 2021 11:09
@twpayne twpayne requested review from a team as code owners September 13, 2021 11:09
@aanm aanm merged commit 0fe79c5 into cilium:master Sep 15, 2021
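
A least-privilege `permissions` block for a CodeQL job of the kind the description above calls for, shown as an added example; it is not the diff merged in this PR. The file path, workflow name and job name come from the `analysis_key` in the quoted error; the triggers, the language and the action version tags are assumptions.

```yaml
# Added example, not the change merged in this PR.
# .github/workflows/lint-codeql.yaml (path taken from the analysis_key above)
name: codeql

on:                      # assumed triggers
  push:
    branches: [master]
  pull_request:
    branches: [master]

# Deny every scope at workflow level; each job opts in to what it needs.
permissions: {}

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      # Once a permissions block is present, any scope not listed is "none".
      contents: read          # actions/checkout must be able to read the repository
      actions: read           # per the codeql-action usage docs, only needed for private repositories
      security-events: write  # allows the status report and results upload to code scanning
    steps:
      - name: Checkout
        uses: actions/checkout@v4              # version tag is an assumption
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3     # version tag is an assumption
        with:
          languages: go                        # assumed language
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3
      - name: Analyze
        uses: github/codeql-action/analyze@v3
```

Without `security-events: write` on the job token, the status call to the code-scanning API is rejected with the `Resource not accessible by integration` error quoted in the description.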