Skip to content

Add additional GHA settings #894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add additional GHA settings #894

wants to merge 6 commits into from
+16 −0

Conversation

mhucka
Copy link
Contributor

@mhucka mhucka commented Mar 4, 2025

This adds some miscellaneous settings:

  • Set workflow default permissions as read-only (per security best
    practices)
  • Support merge queues
  • Support manual invocation (for debugging)
  • Make it so that starting another run of this workflow will cancel
    any ongoing runs for the same PR or branch (e.g., because a new push
    happened while the workflow is still running from a previous push)

@mhucka
Add additional GHA settings
f064e84 
This adds some miscellaneous settings:

- Set workflow default permissions as read-only (per security best
  practices)
- Support merge queues
- Support manual invocation (for debugging)
- Make it so that starting another run of this workflow will cancel
  any ongoing runs for the same PR or branch (e.g., because a new push
  happened while the workflow is still running from a previous push)
@mhucka mhucka self-assigned this Mar 4, 2025
@mhucka mhucka requested a review from Strilanc March 4, 2025 04:20
@Strilanc
Copy link
Collaborator

Strilanc commented Mar 4, 2025

If you can get merge queues working smoothly, I'd absolutely use them. Last time I tried I failed.

Strilanc
Strilanc approved these changes Apr 5, 2025
View reviewed changes
.github/workflows/ci.yml
cancel-in-progress: true
group: ${{github.workflow}}-${{github.event.pull_request.number||github.ref}}

# Declare default permissions as read-only.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

permissions for what?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Permissions granted to workflow actions w.r.t. GITHUB_TOKEN.

C.f. https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token

.github/workflows/ci.yml
merge_group:
types:
- checks_requested
# Allow manual invocation – useful for debugging.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

manual invocation how?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment refers to the next line, which is workflow_dispatch.

C.f. https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Strilanc Strilanc Strilanc approved these changes

Assignees

@mhucka mhucka

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mhucka @Strilanc