Skip to content

Feature/922 make permissions configurable for custom workflows#923

Open
ArBridgeman wants to merge 12 commits into
mainfrom
feature/922_make_permissions_configurable_for_custom_workflows
Open

Feature/922 make permissions configurable for custom workflows#923
ArBridgeman wants to merge 12 commits into
mainfrom
feature/922_make_permissions_configurable_for_custom_workflows

Conversation

@ArBridgeman

Copy link
Copy Markdown
Collaborator

closes #922

Checklist

Note: If any of the items in the checklist are not relevant to your PR, just check the box.

For any Pull Request

Is the following correct:

  • the title of the Pull Request?
  • the title of the corresponding issue?
  • there are no other open Pull Requests for the same update/change?
  • that the issue which this Pull Request fixes ("Fixes...") is mentioned?

When Changes Were Made

Did you:

  • update the changelog?
  • update the cookiecutter-template?
  • update the implementation?
  • check coverage and add tests: unit tests and, if relevant, integration tests?
  • update the User Guide & other documentation?
  • resolve any failing CI criteria (incl. Sonar quality gate)?

When Preparing a Release

Have you:

  • thought about version number (major, minor, patch)?
  • checked Exasol packages for updates and resolved open vulnerabilities, if easily possible?

@ArBridgeman ArBridgeman force-pushed the feature/922_make_permissions_configurable_for_custom_workflows branch from 10e54e9 to 3b03bca Compare July 10, 2026 08:53
- This is already present in the CLI of the nox sessions workflow:check and workflow:generate
- This is already required by the WorkflowOrchestrator which is a pydantic model which restricts WorkflowChoice
and hard-code maps it to the right values.
@ArBridgeman ArBridgeman force-pushed the feature/922_make_permissions_configurable_for_custom_workflows branch from 1eae0d1 to 69e8d14 Compare July 10, 2026 08:58
Render the selected workflows and write them to disk.
"""
for workflow in self._iter_workflows():
# First, generate not-maintained workflows for a new project.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was actually an unidentified bug in the setup. So when we just had secrets, it went unnoticed as the default slow-checks.yml doesn't have secrets that need to be passed. However, as permissions should always be set to adhere to the best security practices; it's best that we separate the two workflow types PTB-controlled vs custom at a higher level.

@ArBridgeman

Copy link
Copy Markdown
Collaborator Author

@codex

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 69e8d1492a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread exasol/toolbox/util/workflows/custom_workflow.py
Comment thread exasol/toolbox/util/workflows/custom_workflow.py
@ArBridgeman ArBridgeman deployed to manual-approval July 10, 2026 12:15 — with GitHub Actions Active
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Make permissions configurable for custom workflows

1 participant