permission pull-requests: read is now optional (#44)

corentinmusard · Jan 6, 2025 · f793f8b · f793f8b
1 parent 015e81d
commit f793f8b
Show file tree

Hide file tree

Showing 8 changed files with 44 additions and 29 deletions.
diff --git a/.github/workflows/private.yml b/.github/workflows/private.yml
@@ -12,9 +12,9 @@ jobs:
     runs-on: ubuntu-latest
     # Permissions can be set on a per-job basis or at the top level
     permissions:
-      contents: read # To access the private repository
-      actions: read # To read workflow runs
-      pull-requests: read # To read PR labels
+      contents: read # Required. To access the private repository
+      actions: read # Required. To read workflow runs
+      pull-requests: read # Optional. To read PR labels
       checks: read # Optional. To read run annotations
     steps:
       - uses: actions/checkout@v4

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.2.1] - 2025-01-06
+
+### Fixed
+
+- `pull-requests: read` permission is now optional. If not set, PRs labels will not be added to the trace
+
 ## [2.2.0] - 2025-01-05
 
 ### Added
@@ -156,7 +162,8 @@ permissions:
 - Support for `https` endpoints (proto over http).
 - Update to node 20.x
 
-[unreleased]: https://github.com/corentinmusard/otel-cicd-action/compare/v2.2.0...HEAD
+[unreleased]: https://github.com/corentinmusard/otel-cicd-action/compare/v2.2.1...HEAD
+[2.2.1]: https://github.com/corentinmusard/otel-cicd-action/compare/v2.2.0...v2.2.1
 [2.2.0]: https://github.com/corentinmusard/otel-cicd-action/compare/v2.1.0...v2.2.0
 [2.1.0]: https://github.com/corentinmusard/otel-cicd-action/compare/v2.0.0...v2.1.0
 [2.0.0]: https://github.com/corentinmusard/otel-cicd-action/compare/v1.13.2...v2.0.0

diff --git a/README.md b/README.md
@@ -89,9 +89,9 @@ It can be done at the global level or at the job level.
 
 ```yaml
 permissions:
-  contents: read # To access the private repository
-  actions: read # To read workflow runs
-  pull-requests: read # To read PR labels
+  contents: read # Required. To access the private repository
+  actions: read # Required. To read workflow runs
+  pull-requests: read # Optional. To read PR labels
   checks: read # Optional. To read run annotations
 ```
 

diff --git a/dist/index.js b/dist/index.js
@@ -33917,7 +33917,7 @@ var esm$4 = /*#__PURE__*/Object.freeze({
 const tracer$2 = trace.getTracer("otel-cicd-action");
 async function traceStep(step) {
     if (!step.completed_at || !step.started_at) {
-        coreExports.warning(`Step ${step.name} is not completed yet.`);
+        coreExports.info(`Step ${step.name} is not completed yet.`);
         return;
     }
     if (step.conclusion === "cancelled" || step.conclusion === "skipped") {
@@ -33949,7 +33949,7 @@ function stepToAttributes(step) {
 const tracer$1 = trace.getTracer("otel-cicd-action");
 async function traceJob(job, annotations) {
     if (!job.completed_at) {
-        coreExports.warning(`Job ${job.id} is not completed yet`);
+        coreExports.info(`Job ${job.id} is not completed yet`);
         return;
     }
     const startTime = new Date(job.started_at);
@@ -86123,11 +86123,19 @@ async function run() {
             jobAnnotations = await getJobsAnnotations(githubExports.context, octokit, jobsId);
         }
         catch (error) {
-            coreExports.info(`Failed to get job annotations: ${error instanceof Error && error.message}`);
+            const message = error instanceof Error ? error.message : JSON.stringify(error);
+            coreExports.info(`Failed to get job annotations: ${message}}`);
         }
         coreExports.info("Get PRs labels");
         const prNumbers = (workflowRun.pull_requests ?? []).map((pr) => pr.number);
-        const prLabels = await getPRsLabels(githubExports.context, octokit, prNumbers);
+        let prLabels = {};
+        try {
+            prLabels = await getPRsLabels(githubExports.context, octokit, prNumbers);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : JSON.stringify(error);
+            coreExports.info(`Failed to get PRs labels: ${message}}`);
+        }
         coreExports.info(`Create tracer provider for ${otlpEndpoint}`);
         const attributes = {
             [ATTR_SERVICE_NAME]: otelServiceName || workflowRun.name || `${workflowRun.workflow_id}`,
@@ -86145,19 +86153,15 @@ async function run() {
         coreExports.info(`Trace workflow run for ${runId} and export to ${otlpEndpoint}`);
         const traceId = await traceWorkflowRun(workflowRun, jobs, jobAnnotations, prLabels);
         coreExports.setOutput("traceId", traceId);
-        coreExports.debug(`traceId: ${traceId}`);
+        coreExports.info(`traceId: ${traceId}`);
         coreExports.info("Flush and shutdown tracer provider");
         await provider.forceFlush();
         await provider.shutdown();
         coreExports.info("Provider shutdown");
     }
     catch (error) {
-        if (error instanceof Error) {
-            coreExports.setFailed(error);
-        }
-        else {
-            coreExports.setFailed(`Unknown error: ${JSON.stringify(error)}`);
-        }
+        const message = error instanceof Error ? error : JSON.stringify(error);
+        coreExports.setFailed(message);
     }
 }
 

diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/runner.ts b/src/runner.ts
@@ -29,12 +29,19 @@ async function run() {
     try {
       jobAnnotations = await getJobsAnnotations(context, octokit, jobsId);
     } catch (error) {
-      core.info(`Failed to get job annotations: ${error instanceof Error && error.message}`);
+      const message = error instanceof Error ? error.message : JSON.stringify(error);
+      core.info(`Failed to get job annotations: ${message}}`);
     }
 
     core.info("Get PRs labels");
     const prNumbers = (workflowRun.pull_requests ?? []).map((pr) => pr.number);
-    const prLabels = await getPRsLabels(context, octokit, prNumbers);
+    let prLabels = {};
+    try {
+      prLabels = await getPRsLabels(context, octokit, prNumbers);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : JSON.stringify(error);
+      core.info(`Failed to get PRs labels: ${message}}`);
+    }
 
     core.info(`Create tracer provider for ${otlpEndpoint}`);
     const attributes: ResourceAttributes = {
@@ -55,18 +62,15 @@ async function run() {
     const traceId = await traceWorkflowRun(workflowRun, jobs, jobAnnotations, prLabels);
 
     core.setOutput("traceId", traceId);
-    core.debug(`traceId: ${traceId}`);
+    core.info(`traceId: ${traceId}`);
 
     core.info("Flush and shutdown tracer provider");
     await provider.forceFlush();
     await provider.shutdown();
     core.info("Provider shutdown");
   } catch (error) {
-    if (error instanceof Error) {
-      core.setFailed(error);
-    } else {
-      core.setFailed(`Unknown error: ${JSON.stringify(error)}`);
-    }
+    const message = error instanceof Error ? error : JSON.stringify(error);
+    core.setFailed(message);
   }
 }
 

diff --git a/src/trace/job.ts b/src/trace/job.ts
@@ -16,7 +16,7 @@ const tracer = trace.getTracer("otel-cicd-action");
 
 async function traceJob(job: components["schemas"]["job"], annotations?: components["schemas"]["check-annotation"][]) {
   if (!job.completed_at) {
-    core.warning(`Job ${job.id} is not completed yet`);
+    core.info(`Job ${job.id} is not completed yet`);
     return;
   }
 

diff --git a/src/trace/step.ts b/src/trace/step.ts
@@ -8,7 +8,7 @@ type Step = NonNullable<components["schemas"]["job"]["steps"]>[number];
 
 async function traceStep(step: Step) {
   if (!step.completed_at || !step.started_at) {
-    core.warning(`Step ${step.name} is not completed yet.`);
+    core.info(`Step ${step.name} is not completed yet.`);
     return;
   }