You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This would be a large change. To avoid package builds gaining write permissions to the GH assets we currently clean out the env, so they can't get to the token easily (
In theory https://github.com/actions/toolkit/tree/main/packages/artifact#v2---whats-new would allow us to upload packages for the job without write permissions, and other jobs could iterate all other active jobs in addition to the assets. From what I see we would need to shell out to JS though to upload artifacts though, as the API isn't publicly documented.
This would be a large change. To avoid package builds gaining write permissions to the GH assets we currently clean out the env, so they can't get to the token easily (
msys2-autobuild/msys2_autobuild/build.py
Lines 97 to 108 in 1ed7c15
Ideally we would separate the third party code into an environment that doesn't have write permissions.
The text was updated successfully, but these errors were encountered: