Skip to content

fix: Enable submitting empty allowlist for actions permissions patterns#4371

Open
deiga wants to merge 2 commits into
google:masterfrom
F-Secure-web:enable-empty-allowlist-actions-permissions
Open

fix: Enable submitting empty allowlist for actions permissions patterns#4371
deiga wants to merge 2 commits into
google:masterfrom
F-Secure-web:enable-empty-allowlist-actions-permissions

Conversation

@deiga

@deiga deiga commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Resolves #4359

This PR changes PatternsAllowed to use omitzero instead of omitempty. That enables submitting an empty List to the API and thus override any currently set allowlisted patterns.

deiga added 2 commits July 7, 2026 22:17
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga deiga marked this pull request as draft July 7, 2026 19:37
@deiga deiga marked this pull request as ready for review July 7, 2026 19:37
@deiga deiga changed the title enable empty allowlist actions permissions Enable submitting an empty allowlist for actions permissions patterns Jul 7, 2026
@gmlewis gmlewis changed the title Enable submitting an empty allowlist for actions permissions patterns fix: Enable submitting empty allowlist for actions permissions patterns Jul 7, 2026
@gmlewis gmlewis added the NeedsReview PR is awaiting a review before merging. label Jul 7, 2026
@codecov

codecov Bot commented Jul 7, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.51%. Comparing base (90a1849) to head (f5d3831).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #4371   +/-   ##
=======================================
  Coverage   97.51%   97.51%           
=======================================
  Files         193      193           
  Lines       19526    19526           
=======================================
  Hits        19040    19040           
  Misses        269      269           
  Partials      217      217           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@gmlewis gmlewis left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, @deiga!
LGTM.
Awaiting second LGTM+Approval from any other contributor to this repo before merging.

cc: @stevehipwell - @alexandear - @Not-Dhananjay-Mishra

GithubOwnedAllowed *bool `json:"github_owned_allowed,omitempty"`
VerifiedAllowed *bool `json:"verified_allowed,omitempty"`
PatternsAllowed []string `json:"patterns_allowed,omitempty"`
PatternsAllowed []string `json:"patterns_allowed,omitzero"`

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add a comment about distinguishing passing an empty slice []string{} and passing nil slice and why we need both.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

NeedsReview PR is awaiting a review before merging.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

BUG: GitHub Actions Permissions do not allow emptying a once-set allowlist

3 participants