[BRE-1592] Update check permission workflow v2 #704
Open
brandonbiete wants to merge 17 commits into
Great job! No new security vulnerabilities introduced in this pull request
gitclonebrian (Contributor) requested changes on Apr 15, 2026 and left a comment:
Outputting errors to the step summary can be helpful when troubleshooting
- Add README.md with workflow documentation
- Add check-permission.yml template workflow
- Create test-action.yml with test mode for testing only
- Add test workflow validating all failure modes
- Addresses security issue from #700 by isolating test mode

- Add validation for test_user_permission input
- Add security architecture comment explaining test_mode isolation
- Document test-action.yml in README with security note

- Move test-action.yml to check-permission-test/action.yml
- Update test workflow to use ./check-permission-test directory
- Update README to reference new test action location
- Fixes GitHub Actions directory requirement for local actions

The job needs to actually fail for validation to detect it

- Remove check-permission-test directory and test_mode bypass
- Update test workflow to call production workflow with real permissions
- Tests assume runner has write but not admin permission
- Update README to document new testing approach
Co-authored-by: gitclonebrian <235774926+gitclonebrian@users.noreply.github.com>
Uses github.workflow_ref to determine which version of the action to checkout. External repos calling with @main get the action from main, while PR tests get the action from the PR branch. This allows testing action changes in PRs and fixes external repo failures where the action couldn't be found.
…e calling workflow
50fc795 to e0124d7

🎟️ Tracking
https://bitwarden.atlassian.net/browse/BRE-1592
📔 Objective
Fixes #700 issues with all the requirements to satisfy workflow centralization effort.
🚨 Breaking Changes