Skip to content

bugfix: update permissions and improve error handling in PR comment workflow#853

Merged
cfc4n merged 1 commit into
masterfrom
bugfix/workflow_post_comment
Oct 12, 2025
Merged

bugfix: update permissions and improve error handling in PR comment workflow#853
cfc4n merged 1 commit into
masterfrom
bugfix/workflow_post_comment

Conversation

@cfc4n
Copy link
Copy Markdown
Member

@cfc4n cfc4n commented Oct 12, 2025
edited
Loading

This pull request updates the pr_build_debug.yml GitHub Actions workflow to improve security and reliability. The most important changes are:

Permissions and Security:

  • Changed the contents permission from write to read and added actions: read to limit the workflow’s access scope, following the principle of least privilege.

Workflow Reliability and Correctness:

  • Added a conditional to the "Comment PR with Download Links" job so it only runs for pull requests from the same repository, preventing issues with forks.
  • Explicitly set the github-token input for the actions/github-script step to ensure proper authentication.
  • Wrapped the comment creation in a try/catch block to log success or failure, improving error handling and debugging information.

fix: #852

@cfc4n
bugfix: update permissions and improve error handling in PR comment w…
eb776a8 
…orkflow

fix: #852
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n cfc4n requested a review from Copilot October 12, 2025 09:33
@cfc4n cfc4n self-assigned this Oct 12, 2025
@cfc4n cfc4n linked an issue Oct 12, 2025 that may be closed by this pull request
Actions: 403 Resource not accessible by integration when posting PR comment via actions/github-script@v7 #852
Closed
@dosubot dosubot Bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Oct 12, 2025
Copilot AI reviewed Oct 12, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves the security and reliability of the GitHub Actions workflow for commenting on pull requests with debug build artifacts. It implements the principle of least privilege by reducing permissions and adds proper error handling.

  • Reduced workflow permissions from contents: write to contents: read and added actions: read
  • Added conditional check to prevent the comment job from running on forked PRs
  • Improved error handling with try/catch block and explicit token configuration

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@dosubot dosubot Bot added the 🐞 bug Something isn't working label Oct 12, 2025
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Oct 12, 2025

🔧 Debug Build Complete (PR 853, RunID 18442172118)

📦 Download Links:

⏰ Files will be retained for 7 days, please download and test promptly.

@cfc4n cfc4n merged commit 7a5029d into master Oct 12, 2025
10 checks passed
@cfc4n cfc4n deleted the bugfix/workflow_post_comment branch October 12, 2025 09:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@cfc4n cfc4n

Labels

🐞 bug Something isn't working size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Actions: 403 Resource not accessible by integration when posting PR comment via actions/github-script@v7

2 participants

@cfc4n