Thread
-
Re: Heads Up: cirrus-ci is shutting down June 1st
Jacob Champion <jacob.champion@enterprisedb.com> — 2026-05-27T22:15:46Z
On Wed, May 27, 2026 at 11:10 AM Andres Freund <andres@anarazel.de> wrote: > > +# Default to the minimum privilege the jobs need (just reading the repo > > +# contents during checkout). Individual jobs override this when they need > > +# more, e.g. `cancel-previous` needs `actions: write` to cancel runs. > > +permissions: > > + contents: read > > I'm not sure I like that we ever need more than that. I'd expect that > postgresql-cfbot will explicitly disable write permissions for runs. +1, and +1 for getting rid of the custom cancel, for that reason. - Do we need to defend our downstream forks from this workflow? (We have 5,700 of them, apparently.) - Do the pginfra folks who own the repo need to lock down all the Actions settings before we ship this? (On my fork, at least, the default settings were horrifically permissive.) --Jacob