This is an automated email from the ASF dual-hosted git repository. willholley pushed a commit to branch releaser-contents-permission in repository https://gitbox.apache.org/repos/asf/couchdb-helm.git
commit ee1143a01aa8daf21cff0a13c5ccb9891fabf0a2 Author: Will Holley <[email protected]> AuthorDate: Tue Oct 25 08:31:00 2022 +0100 inline GitHub actions Why: ASF guidance is to [inline 3rd party GitHub actions](https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+status#GitHubActionsstatus-Security) as repository submodules. This had already been done for the chart-releaser, chart-testing and kind actions, but not for the helm-setup or create-pull-request actionsl What: Inline the remaining 3rd party GitHub Actions as submodules. The official GitHub Action (checkout) remains external. This also grants the chart-releaser workflow `content:write` permissions to allow it to create releases. --- .github/workflows/chart-rebuild.yaml | 4 ++-- .github/workflows/chart-releaser.yaml | 4 ++-- .github/workflows/chart-test.yaml | 6 +++--- .gitmodules | 6 ++++++ 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/workflows/chart-rebuild.yaml b/.github/workflows/chart-rebuild.yaml index dc0ed36..945cd73 100644 --- a/.github/workflows/chart-rebuild.yaml +++ b/.github/workflows/chart-rebuild.yaml @@ -19,7 +19,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: ./.github/actions/setup-helm with: version: v3.10.0 @@ -52,7 +52,7 @@ jobs: - name: Create Pull Request id: cpr - uses: peter-evans/create-pull-request@v4 + uses: ./.github/actions/create-pull-request with: commit-message: Rebuild index.yaml title: Rebuild index.yaml diff --git a/.github/workflows/chart-releaser.yaml b/.github/workflows/chart-releaser.yaml index 648e3c1..eadf362 100644 --- a/.github/workflows/chart-releaser.yaml +++ b/.github/workflows/chart-releaser.yaml @@ -6,7 +6,7 @@ on: - main permissions: - contents: read + contents: write deployments: write jobs: @@ -26,7 +26,7 @@ jobs: git config user.email "[email protected]" - name: Install Helm - uses: azure/setup-helm@v3 + uses: ./.github/actions/setup-helm with: version: v3.10.0 diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 5865e50..7197351 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -27,7 +27,7 @@ jobs: submodules: recursive - name: Set up Helm - uses: azure/setup-helm@v3 + uses: ./.github/actions/setup-helm with: version: v3.10.0 @@ -41,14 +41,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 persist-credentials: false submodules: recursive - name: Set up Helm - uses: azure/setup-helm@v3 + uses: ./.github/actions/setup-helm with: version: v3.10.0 diff --git a/.gitmodules b/.gitmodules index e7cadd5..70f3305 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,9 @@ [submodule ".github/actions/chart-releaser-action"] path = .github/actions/chart-releaser-action url = https://github.com/helm/chart-releaser-action.git +[submodule ".github/actions/setup-helm"] + path = .github/actions/setup-helm + url = https://github.com/Azure/setup-helm.git +[submodule ".github/actions/create-pull-request"] + path = .github/actions/create-pull-request + url = https://github.com/peter-evans/create-pull-request.git
