Skip to content

Commit 624bdac

Browse files
committed
ci: gate coverage publish on push events
coverage-action with publish: true always tries to push to _xml_coverage_reports, but fork PRs get a read-only GITHUB_TOKEN regardless of the permissions block. Gate publish on push events so fork PRs skip the write step entirely. pull-requests: write is kept for PR annotations. Signed-off-by: Erik Nilsen <enilsen16@live.com>
1 parent 8aca40f commit 624bdac

1 file changed

Lines changed: 4 additions & 1 deletion

File tree

.github/workflows/ci-rust.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,9 @@ jobs:
3737

3838
test:
3939
runs-on: ubuntu-latest
40+
permissions:
41+
contents: write
42+
pull-requests: write
4043
env:
4144
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
4245
steps:
@@ -70,7 +73,7 @@ jobs:
7073
path: rsworkspace/coverage.xml
7174
threshold: 95
7275
fail: true
73-
publish: true
76+
publish: ${{ github.event_name == 'push' }}
7477
diff: true
7578
diff-branch: main
7679
diff-storage: _xml_coverage_reports

0 commit comments

Comments
 (0)