Use new GitHub pages workflow #4000
@microsoft-github-policy-service agree
permissions: | ||
contents: read | ||
pages: write | ||
id-token: write |
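Review bot: `id-token: write` carries no comment, and it is the least self-explanatory of the three scopes because it lets the job request an OIDC token. Add a one-line comment beside it naming the step that needs it and linking the deploy-pages README, so the grant is not copied or widened blindly later.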
What is this permission needed for?
GitHub pages needs it internally to write to the pages container registry.
https://github.com/actions/deploy-pages/blob/b580d214b4e13b2a70d0e04376a86ed862ebb558/README.md?plain=1#L31
The ID token allows it to use JWTs internally; somehow it's more secure according to them. It's quite a bit more secure and convenient than what's currently there, as to make it work currently you have to blanket grant all actions write access in the GitHub settings GUI, just for pages to work via the old commit-to-a-branch method.
The old code made all workflows have write access to all code and pages. The new code gives write access to pages for one workflow, while keeping all other ones read-only.
Thanks for the PR!
@hediet in GitHub pages settings you'll have to switch the deployment from "branch deployment" to CI deployment. This is in regards to the
The new one allows you to specify GITHUB_TOKEN permissions in the workflows file... which means forkers don't need to dig through GUI settings to get it working. It also doesn't require a second noisy branch to function, and can help reduce package size for large repos. An 800MB repo doesn't sound like a lot, but that's before Yarn and Playwright have a go at your poor computer. Also, my 16GB computer has been screaming at me about RAM usage; not sure if that had something to do with it.
P.S. I was working on something far more exciting... this is just to test the waters.
Also, I was surprised to see so many samples, good ones, that aren't exposed on the website.
Proof that it works:
https://github.com/FossPrime/monaco-editor/actions/runs/5166983110
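
The permission model discussed in this thread, shown with the grants scoped per job, as an added example that is not the workflow file from this PR: the build job keeps a read-only token and only the deploy job receives `pages: write` and `id-token: write`. The workflow name, branch, build command, output path and action versions are assumptions.

```yaml
# Added example: job-scoped GITHUB_TOKEN permissions for a Pages deployment.
name: Deploy Pages (example)

on:
  push:
    branches: [main]          # assumed default branch

# Workflow-level default: every job starts with a read-only token.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Placeholder build step; third-party install and build scripts run
      # here with nothing more than read access to the repository.
      - run: ./build-site.sh
      - uses: actions/upload-pages-artifact@v3
        with:
          path: ./site-output  # placeholder output directory

  deploy:
    needs: build
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow default, and any scope not
    # listed here is set to none, so this job has no repository access.
    permissions:
      pages: write             # create the Pages deployment
      id-token: write          # request the OIDC token deploy-pages uses
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - id: deployment
        uses: actions/deploy-pages@v4
```

With this layout the repository-wide "Read and write permissions" default in the Actions settings can stay off, since the only write scopes are declared in the file and limited to the job that deploys.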