You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This repo gets sync'd with our other orgs (e.g. trail-of-forks) via sync.yml. This works just fine, if the sync step (i.e. git merge) doesn't include a workflow change. When it does include a workflow change the sync (and all future syncs) fail, since the default GITHUB_TOKEN doesn't have the workflow permission.
This results in the following obtuse error:
To https://github.com/crytic/.github
! [remote rejected] main -> main (refusing to allow a GitHub App to create or update workflow `.github/workflows/lint.yml` without `workflows` permission)
error: failed to push some refs to 'https://github.com/crytic/.github'
Error: Process completed with exit code 1.
To get around this, we either need a long-lived PAT (not ideal, since it'd essentially be a "god-mode" PAT for all of our orgs) or to make syncing more intelligent (e.g. have each repo be a stand-alone rather than a fork, and have each update only its non-workflow files on a schedule). The latter probably makes more sense.
The text was updated successfully, but these errors were encountered:
This repo gets sync'd with our other orgs (e.g.
trail-of-forks) viasync.yml. This works just fine, if the sync step (i.e.git merge) doesn't include a workflow change. When it does include a workflow change the sync (and all future syncs) fail, since the defaultGITHUB_TOKENdoesn't have theworkflowpermission.This results in the following obtuse error:
To get around this, we either need a long-lived PAT (not ideal, since it'd essentially be a "god-mode" PAT for all of our orgs) or to make syncing more intelligent (e.g. have each repo be a stand-alone rather than a fork, and have each update only its non-workflow files on a schedule). The latter probably makes more sense.
The text was updated successfully, but these errors were encountered: