Skip to content

ci(update-3rdparty): fix broken push and add permission check#59464

Open
joshtrichards wants to merge 2 commits intomasterfrom
jtr/ci-3rdparty-push
Open

ci(update-3rdparty): fix broken push and add permission check#59464
joshtrichards wants to merge 2 commits intomasterfrom
jtr/ci-3rdparty-push

Conversation

@joshtrichards
Copy link
Copy Markdown
Member

@joshtrichards joshtrichards commented Apr 6, 2026
edited
Loading

  • Resolves: #

Summary

Fixes and hardens the /update-3rdparty comment-command workflow.

  • Fix broken git push: persist-credentials: false meant there were no credentials at push time; add explicit git remote set-url
  • Add check-actor-permission with require: write -- previously any commenter could trigger the workflow but since push fails anyway was a non-issue
  • Replace ${{ }} interpolation in run: blocks with env: indirection (defense-in-depth)

Companion PR: nextcloud/.github#697

TODO

  • ...

Checklist

AI (if applicable)

  • The content of this PR was partly or fully generated using AI

@joshtrichards
ci(update-3rdparty): add permission check and fix broken push
7179f9e 
- Add missing check-actor-permission gate (require: write)
- Add git remote set-url before push to provide credentials
  (persist-credentials: false meant git push had no auth)
- Move ${{ }} interpolations in run: blocks to env: variables

Signed-off-by: Josh <josh.t.richards@gmail.com>
@joshtrichards
chore: re-add accidentally dropped comments
780e3f9 
Signed-off-by: Josh <josh.t.richards@gmail.com>
@joshtrichards joshtrichards mentioned this pull request Apr 6, 2026
Open
@joshtrichards joshtrichards marked this pull request as ready for review April 6, 2026 12:11
@joshtrichards joshtrichards requested a review from a team as a code owner April 6, 2026 12:11
@joshtrichards joshtrichards requested review from ArtificialOwl, artonge, icewind1991 and leftybournes and removed request for a team April 6, 2026 12:11
@joshtrichards joshtrichards added 3. to review Waiting for reviews CI labels Apr 6, 2026
@susnux susnux requested review from miaulalala and nickvergessen and removed request for ArtificialOwl April 6, 2026 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@icewind1991 icewind1991 Awaiting requested review from icewind1991 icewind1991 is a code owner automatically assigned from nextcloud/server-backend

@artonge artonge Awaiting requested review from artonge artonge is a code owner automatically assigned from nextcloud/server-backend

@leftybournes leftybournes Awaiting requested review from leftybournes leftybournes is a code owner automatically assigned from nextcloud/server-backend

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@miaulalala miaulalala Awaiting requested review from miaulalala

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

3. to review Waiting for reviews CI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joshtrichards