Fix TiCS action's permission error (#694)

canonical · Oct 16, 2024 · b6ee33b · b6ee33b
1 parent 78a3a88
commit b6ee33b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml
@@ -6,7 +6,7 @@ on:
 
 permissions:
   contents: read
- 
+
 jobs:
   TICS:
     permissions:
@@ -27,6 +27,9 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: ${{matrix.branch}}
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
       - name: Install Go
         uses: actions/setup-go@v5
         with:
@@ -47,22 +50,22 @@ jobs:
 
           # TICS requires us to have the test results in cobertura xml format under the
           # directory use below
-          make go.unit
+          sudo make go.unit
           go install github.com/boumenot/gocover-cobertura@latest
           gocover-cobertura < coverage.txt > coverage.xml
           mkdir .coverage
           mv ./coverage.xml ./.coverage/
 
           # Install the TICS and staticcheck
-          go install honnef.co/go/tools/cmd/staticcheck@v0.4.7
+          go install honnef.co/go/tools/cmd/staticcheck@v0.5.1
           . <(curl --silent --show-error 'https://canonical.tiobe.com/tiobeweb/TICS/api/public/v1/fapi/installtics/Script?cfg=default&platform=linux&url=https://canonical.tiobe.com/tiobeweb/TICS/')
 
           # We need to have our project built
           # We load the dqlite libs here instead of doing through make because TICS
           # will try to build parts of the project itself
           sudo add-apt-repository -y ppa:dqlite/dev
           sudo apt install dqlite-tools libdqlite-dev -y
-          make clean
+          sudo make clean
           go build -a ./...
 
           TICSQServer -project k8s-snap -tmpdir /tmp/tics -branchdir $HOME/work/k8s-snap/k8s-snap/

diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml
@@ -128,6 +128,13 @@ jobs:
         uses: step-security/harden-runner@v2
         with:
           egress-policy: audit
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          # We run into rate limiting issues if we don't authenticate
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Checking out repo
         uses: actions/checkout@v4
       - name: Fetch snap