[ci] grants write permission to create branch in remote #11269
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
|
Giving the entire job full write permissions to the repo seems very risky. Can we refactor to have a specific step do nothing but create the branch, and give only that step write access? /cc @jtmcdole for potential Infra input on access scoping. |
|
There isn't a good way to set granular permissions for each step unless we use a personal access token. The best we can do is to separate out different jobs and give different permissions to each job. However, each job will be a different run instance and won't share the environment setup. This means the source code checkout and repo tool setup will have to be called for each job. I separated out the branch creation and pull request creation into separate jobs to have slightly better permission control. If we want anything better, we will need to set up a PAT, probably using the @fluttergithubbot. |
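The job-level split discussed in the comment above, sketched as an added example that is not part of the thread and is not the workflow this PR changes. The workflow name, job names, branch naming scheme, `main` base branch and the empty stand-in commit are all assumptions.

```yaml
# Hypothetical workflow for illustration; not flutter/packages' release.yaml.
name: release-branch-example
on: workflow_dispatch

# Default for every job: GITHUB_TOKEN can read the repo and nothing else.
permissions:
  contents: read

jobs:
  create-branch:
    runs-on: ubuntu-latest
    # Permissions are per job, not per step: every step below can push,
    # so this job holds only the checkout and the push.
    permissions:
      contents: write
    outputs:
      branch: ${{ steps.push.outputs.branch }}
    steps:
      - uses: actions/checkout@v4
      - id: push
        run: |
          BRANCH="release-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"  # assumed naming scheme
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git switch -c "$BRANCH"
          git commit --allow-empty -m "Start $BRANCH"  # stand-in for the real release commit
          git push origin "$BRANCH"
          echo "branch=$BRANCH" >> "$GITHUB_OUTPUT"

  create-pull-request:
    needs: create-branch
    runs-on: ubuntu-latest
    # New runner: only the job output carries over, so checkout runs again.
    # This token can open a pull request but cannot push.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false  # keep the token out of .git/config
      - env:
          GH_TOKEN: ${{ github.token }}
          HEAD: ${{ needs.create-branch.outputs.branch }}
        run: |
          gh pr create --base main --head "$HEAD" \
            --title "Release $HEAD" --body "Automated release branch."
```

Opening the pull request with `GITHUB_TOKEN` also depends on the repository setting that allows GitHub Actions to create pull requests.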
|
a friendly ping, this is blocking go_router releases |
stuartmorgan-g left a comment
LGTM.
I just realized that release.yaml already uses this permission, since it's pushing tags, so the large permission scope is a pre-existing issue. Probably something we should revisit with smaller scope in a future design, but for now this is consistent with our current auto-releases.
flutter/packages@99155a8...8dcfd11

2026-03-19 47866232+chunhtai@users.noreply.github.com [ci] grants write permission to create branch in remote (flutter/packages#11269)
2026-03-19 Deil.Christoph@gmail.com [camera] Make Optional.of constructor const (flutter/packages#11247)

If this roll has caused a breakage, revert this CL and stop the roller using the controls here:
https://autoroll.skia.org/r/flutter-packages-flutter-autoroll
Please CC flutter-ecosystem@google.com on the revert to ensure that a human is aware of the problem.

To file a bug in Flutter: https://github.com/flutter/flutter/issues/new/choose

To report a problem with the AutoRoller itself, please file a bug:
https://issues.skia.org/issues/new?component=1389291&template=1850622

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
|
It looks like the tree has been broken since this change, should we revert? |
|
The current breakage is due to FTL flutter/flutter#183935 |
|
Ah gotcha! Thank you. This is why I asked first. 😅 |
|
FTL and now flutter/flutter#184047 as well. |
The branch release workflow failed with

```
Parsing package "packages/packages/go_router"...
Creating new branch "go_router-23134404669-1"...
Pushing branch go_router-23134404669-1 to remote origin...
Unhandled exception:
ProcessException: remote: Permission to flutter/packages.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/flutter/packages/': The requested URL returned error: 403
  Command: git push origin go_router-23134404669-1
```

https://github.com/flutter/packages/actions/runs/23134404669/job/67194648551

## Pre-Review Checklist

**Note**: The Flutter team is currently trialing the use of [Gemini Code Assist for GitHub](https://developers.google.com/gemini-code-assist/docs/review-github-code). Comments from the `gemini-code-assist` bot should not be taken as authoritative feedback from the Flutter team. If you find its comments useful you can update your code accordingly, but if you are unsure or disagree with the feedback, please feel free to wait for a Flutter team member's review for guidance on which automated comments should be addressed.

[^1]: Regular contributors who have demonstrated familiarity with the repository guidelines only need to comment if the PR is not auto-exempted by repo tooling.