approve github actions

[Martin R]

Could I have the right to approve github actions?

Otherwise, mentoring the GSOC student over github is a pain.

Best wishes,

Martin (mantepse)

[julian...@fsfe.org]

I granted "write" permissions to you. That seems to be the required permission to approve workflow runs.

Can you check that it works now?

julian

PS: If this should be done differently, please let me know and I'll revoke that permission again :)

[Martin R]

Thank you, yes, I now have the appropriate button!

Wonderful!

[Dima Pasechnik]

On 14 May 2024 22:55:01 BST, "julian...@fsfe.org" <julian...@fsfe.org> wrote:
>I granted "write" permissions to you. That seems to be the required
>permission to approve workflow runs.

IIRC, such permissions are automatic for the members of triage team.
Could you check that Martin is there?

[David Roe]

On Tue, May 14, 2024 at 9:13 PM Dima Pasechnik <dim...@gmail.com> wrote:

On 14 May 2024 22:55:01 BST, "julian...@fsfe.org" <julian...@fsfe.org> wrote:
>I granted "write" permissions to you. That seems to be the required
>permission to approve workflow runs.

IIRC, such permissions are automatic for the members of triage team.

That's incorrect.  Triage is a lower permission level than Write; see here for more details.

David

Could you check that Martin is there?
>
>Can you check that it works now?
>
>julian
>
>PS: If this should be done differently, please let me know and I'll revoke
>that permission again :)
>
>On Tuesday, May 14, 2024 at 11:55:53 PM UTC+3 axio...@yahoo.de wrote:
>
>> Could I have the right to approve github actions?
>>
>> Otherwise, mentoring the GSOC student over github is a pain.
>>
>> Best wishes,
>>
>> Martin (mantepse)
>>
>

--
You received this message because you are subscribed to the Google Groups "sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sage-devel/0F49C387-A1D9-4517-A840-14DFD2A84BA9%40gmail.com.

[Matthias Koeppe]

I have a draft document at https://github.com/sagemath/sage/wiki/NumFOCUS#project-governance that could be updated to describe some of the elevated repository permissions and what functions/duties they are needed for.

[Dima Pasechnik]

On 15 May 2024 02:14:05 BST, David Roe <roed...@gmail.com> wrote:
>On Tue, May 14, 2024 at 9:13 PM Dima Pasechnik <dim...@gmail.com> wrote:
>
>>
>>
>> On 14 May 2024 22:55:01 BST, "julian...@fsfe.org" <julian...@fsfe.org>
>> wrote:
>> >I granted "write" permissions to you. That seems to be the required
>> >permission to approve workflow runs.
>>
>> IIRC, such permissions are automatic for the members of triage team.
>>
>
>That's incorrect. Triage is a lower permission level than Write; see here

><https://docs.github.com/en/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization>
>for more details.



"Write" has commit rights beyond doing PRs.
I don't think such permissions are needed to authorise CI runs. AFAIK, any member of "triage" can do the latter - unless this recently changed.

[David Ayotte]

> I don't think such permissions are needed to authorise CI runs. AFAIK, any member of "triage" can do the latter - unless this recently changed.

As a member of the triage team, I confirm that I don't have the rights to manually authorize CI runs, but the CI checks run automatically when I push commits to my branches.

When you are not part of the triage team, the CI checks does not run automatically and someone with "write" permission needs to activate them. Since Triage does not grant "write" permission, it is not possible for me to start the CI manually on a PR made by someone not part of either.

I think there are three solutions:

- give write permission to people of the Triage team that ask them

- include new developers in the Triage team

- ask for someone with "write" permission to start the CI runs on a specific PR.

I personally think the three options are fine.

[Matthias Koeppe]

On Wednesday, May 15, 2024 at 5:36:06 AM UTC-7 David Ayotte wrote:

When you are not part of the triage team, the CI checks does not run automatically and someone with "write" permission needs to activate them.

A correction: It is only CI checks for "first-time contributors" that require approval.

As soon as their first contribution has been merged in develop, they are no longer "first-time contributors", and their CI checks will run automatically. Triage team membership is not needed for this.

https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks#about-workflow-runs-from-public-forks