ci: maintainer_check: Use zephyrbot token

This commit updates the maintainer check workflow to use the zephyrbot "PR
assigner" token with `org:read` permission because the default workflow
token is not able to retrieve organisation-level user membership
information.

Note that the workflow trigger condition is changed from `pull_request` to
`pull_request_target` because non-workflow secrets may not be accessed from
`pull_request` trigger for security reasons.

Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Stephanos Ioannidis 2025-07-17 09:04:57 +09:00
parent 63bf487a56
commit 31ef45e2f1

@ -1,7 +1,7 @@
name: Maintainer file check
on:
pull_request:
pull_request_target:
branches:
- main
paths:
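
Review bot: the switch to `pull_request_target` at the top of the `on:` block means this workflow now runs in the base repository's context, with access to repository secrets, for pull requests opened from forks, and nothing in this hunk shows what the job checks out. Please confirm that the checkout step (outside the lines shown here) stays on the base ref and that no step executes files taken from the pull request head, and add a short comment next to the trigger explaining why `pull_request_target` is required so that later edits do not add steps that run PR-supplied code under it.
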
@ -37,7 +37,7 @@ jobs:
- name: Check maintainer file changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.ZB_PR_ASSIGNER_GITHUB_TOKEN }}
run: |
python ./scripts/ci/check_maintainer_changes.py \
--repo zephyrproject-rtos/zephyr mainline_MAINTAINERS.yml MAINTAINERS.yml
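
Review bot: in the `env:` block of the "Check maintainer file changes" step, `ZB_PR_ASSIGNER_GITHUB_TOKEN` is exported to the whole `run:` script, and that script invokes `python ./scripts/ci/check_maintainer_changes.py` from the working tree. Under `pull_request_target` this is only safe if `./scripts/ci/check_maintainer_changes.py` comes from the base branch and the pull request's `MAINTAINERS.yml` is read strictly as data, so please make that explicit in the workflow (for example by keeping the trusted script and the PR file in separate checkout paths). Keeping the variable name `GITHUB_TOKEN` also hides that this is now the bot's organisation-scoped token rather than the default workflow token; a one-line comment above it would help the next reader.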