fix(actions): removed token from remaining actions #805
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of your changes
As of recently, the
on-merge-to-main
workflow has been failing in the very first step (actions/checkout@v3
) (example). I have tried to run it again multiple times and then was able to track down the issue to a recent change in the action’s repo (PR).Based on the content of that PR and related discussion, the GH action introduced a new default value around the
git config safe.directory
setting (default true
) that seems to be what’s breaking our workflow, as well as others (one and two).I have tried this in a fork, and setting the config to
*
(aka no check forsafe.directory
) fixes the issue (link).Just for context, the docs for that config say this:
Even though the risk of disabling the git check is acceptable, while making the changes for this PR I have noticed that other workflows like
pr-lint-and-test
(who also use that same GH Action) have kept running and not erroring (example).The main, and only, difference between the two workflow and how they use
actions/checkout@v3
is the one (the failing one) used to set a specific GitHub secret. This secret was there for historical reasons as the initial version of the workflow was set up when the repo was still private - hence the need for a token.Before setting the
safe.directory
config to allow all I would like, with this PR, to try to remove the token first. If my understanding of the issue is correct then this workflow should start working again (@ijemmy you were right on Slack as for where the actual issue was) since with no token, the ownership/user will be the default one like in the other workflow that are still working.How to verify this change
I have already tried this config on a forked repo: https://github.com/dreamorosi/aws-lambda-powertools-typescript/runs/6160173289?check_suite_focus=true
But the only way to see it (AFAIK) is to merge and see the result. If this doesn't work then I'll roll-back & set the wildcard.
Related issues, RFCs
N/A
PR status
Is this ready for review?: YES
Is it a breaking change?: NO
Checklist
Breaking change checklist
N/A
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.