Skip to content

ci: fix GHA cache permissions and guard cache-to for fork PRs#246

Merged
plexoos merged 6 commits intopr/update-workflow-matrixfrom
copilot/sub-pr-244
Mar 31, 2026
Merged

ci: fix GHA cache permissions and guard cache-to for fork PRs#246
plexoos merged 6 commits intopr/update-workflow-matrixfrom
copilot/sub-pr-244

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 26, 2026
edited
Loading

type=gha cache in build-release-smoke was missing the required actions: write permission, and cache-to was unconditionally set — causing failures on fork PRs where the token cannot be granted write access.

Changes

  • Permissions: Added permissions: contents: read + actions: write to build-release-smoke job
  • Fork guard: Extracted cache scope into CACHE_SCOPE env var and set IS_FORK from github.event.pull_request.head.repo.full_name != github.repository; cache-to is only populated for non-fork PRs:
cache-from: type=gha,scope=${{ env.CACHE_SCOPE }}
cache-to: ${{ env.IS_FORK == 'false' && format('type=gha,mode=max,scope={0}', env.CACHE_SCOPE) || '' }}

⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.

Copilot AI mentioned this pull request Mar 26, 2026
Open
Copilot AI and others added 2 commits March 26, 2026 15:45
Copilot AI changed the title [WIP] [WIP] ci: apply feedback on image build matrix and workflows adjustments ci: fix GHA cache permissions and guard cache-to for fork PRs Mar 26, 2026
Copilot AI requested a review from plexoos March 26, 2026 15:50
@plexoos
Copy link
Copy Markdown
Member

plexoos commented Mar 26, 2026

@codex review

@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector bot commented Mar 26, 2026

Codex Review: Didn't find any major issues. More of your lovely PRs please.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@plexoos plexoos force-pushed the pr/update-workflow-matrix branch 5 times, most recently from a2baeaf to ec4058d Compare March 31, 2026 14:12
@plexoos plexoos marked this pull request as ready for review March 31, 2026 16:20
Copilot AI review requested due to automatic review settings March 31, 2026 16:20
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the pull-request CI workflow to make GitHub Actions cache usage reliable by explicitly granting the needed permissions and preventing cache writes when the workflow runs for forked pull requests (where the token cannot have write access).

Changes:

  • Add explicit job-level permissions for build-release-smoke to enable type=gha cache writes.
  • Introduce CACHE_SCOPE and IS_FORK environment variables to centralize cache scoping and detect fork PRs.
  • Guard cache-to so it is only set for non-fork pull requests, avoiding failures on forks.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@plexoos plexoos merged commit 25066bc into pr/update-workflow-matrix Mar 31, 2026
8 of 9 checks passed
@plexoos plexoos deleted the copilot/sub-pr-244 branch March 31, 2026 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@plexoos plexoos Awaiting requested review from plexoos

Assignees

@plexoos plexoos

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@plexoos