Willy,
On 10/18/21 10:51 AM, Willy Tarreau wrote:
On Mon, Oct 18, 2021 at 09:18:12AM +0200, Tim Düsterhus wrote:
Hu, interesting. Is the GitHub Mirror Sync broken? I'm seeing changes in
https://git.haproxy.org/?p=haproxy.git, but not in GitHub.
So it was in relation with the Painful Access Token apparently. The
mirror user was not allowed anymore to push to .github/workflows:
$ git push github
Counting objects: 99, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (63/63), done.
Writing objects: 100% (63/63), 6.69 KiB | 0 bytes/s, done.
Total 63 (delta 51), reused 0 (delta 0)
remote: Resolving deltas: 100% (51/51), completed with 34 local objects.
To https://github.com/haproxy/haproxy.git
! [remote rejected] master -> master (refusing to allow a Personal Access
Token to create or update workflow `.github/workflows/codespell.yml` without
`workflow` scope)
I don't really see the relation with any of the recent changes. Thus I
switched to SSH and got rid of the stupid clear-text PAT and now it's
OK again.
GitHub Action Workflows are pretty powerful and can do all kinds of
stuff within a repository. I assume that GitHub wanted to increase the
security by not allowing arbitrary tokens to change them, when the
purpose of the token is something entirely different.
I assume that simply using SSH will be stable going forward. That's all
I ever used for write access since I signed up to GitHub.
Best regards
Tim Düsterhus
