From: Andres Freund <[email protected]>
To: Jacob Champion <[email protected]>
Cc: Nazir Bilal Yavuz <[email protected]>
Cc: Jelte Fennema-Nio <[email protected]>
Cc: Thomas Munro <[email protected]>
Cc: [email protected]
Subject: Re: Heads Up: cirrus-ci is shutting down June 1st
Date: Thu, 28 May 2026 11:07:22 -0400
Message-ID: <qs2jmmyqlmvvj5jfhrkdo5q5fzfjulgiu3dqmgz4gvfscqi4vc@r5rvsrblxres>
In-Reply-To: <CAOYmi+n8RRmtGUr_fZkYzX5XbGH5+Q0c1M1XMr7ytXbRs1JxJA@mail.gmail.com>
References: <3ydjipcr7kbss57nvi67noplncqhesl5eyb6wgol4ccjxynspv@yatlykpribmm>
<[email protected]>
<CAN55FZ30Np67cATsqYxF1SsP598VoRv4hJQZ4w9RA3Qe55prnQ@mail.gmail.com>
<CAN55FZ13uX0cLSbgtSnnFeh5sTLeMr7+8UzmqpU6QjOtrRJTLg@mail.gmail.com>
<qe4lh2i5di2gh7bxkbfisifaohrvyfukbybwxwzxdnll45hnt3@luod7i2mon67>
<CAOYmi+n8RRmtGUr_fZkYzX5XbGH5+Q0c1M1XMr7ytXbRs1JxJA@mail.gmail.com>

Hi,

On 2026-05-27 15:15:46 -0700, Jacob Champion wrote:
> On Wed, May 27, 2026 at 11:10 AM Andres Freund <[email protected]> wrote:
> > > +# Default to the minimum privilege the jobs need (just reading the repo
> > > +# contents during checkout). Individual jobs override this when they need
> > > +# more, e.g. `cancel-previous` needs `actions: write` to cancel runs.
> > > +permissions:
> > > + contents: read
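Review bot: The comment above `permissions:` says individual jobs "override this when they need more", but a job-level `permissions:` block replaces the workflow-level one rather than adding to it, and every scope it does not list becomes `none`. A job such as `cancel-previous` that sets only `actions: write` therefore no longer has `contents: read`; if it runs a checkout it has to restate that scope, and the comment should say that a job-level override is a full replacement.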
> >
> > I'm not sure I like that we ever need more than that. I'd expect that
> > postgresql-cfbot will explicitly disable write permissions for runs.
>
> +1, and +1 for getting rid of the custom cancel, for that reason.
>
> - Do we need to defend our downstream forks from this workflow? (We
> have 5,700 of them, apparently.)

I don't see why. I think it's good if they run CI. Having forks not run CI by
default would imo take one of the main advantages of using github actions
away.

> - Do the pginfra folks who own the repo need to lock down all the
> Actions settings before we ship this? (On my fork, at least, the
> default settings were horrifically permissive.)

Yes, they are too permissive by default, including on postgres/postgres. I
think postgres/postgres isn't *that* threatened, but we should make sure things are
shored up anyway. Where it's really crucial is the postgresql-cfbot repo.

Greetings,
Andres Freund
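
An added example (not from this thread or from the PostgreSQL patch) that models how GitHub resolves `GITHUB_TOKEN` scopes from the repository default setting, the workflow-level `permissions:` block and a job-level override, and lists the jobs left with write access. The `build` job, the scope subset and the function names are assumptions, and workflows are given as plain dicts rather than parsed YAML.

```python
# Added example: simplified model of GITHUB_TOKEN scope resolution.
# SCOPES is a subset of the real scope list, chosen for illustration.
SCOPES = ("actions", "checks", "contents", "issues", "packages",
          "pull-requests", "statuses")

def expand(perms, repo_default):
    """Turn one `permissions:` value into {scope: level}; None = key absent."""
    if perms is None:  # no block anywhere: the repository default applies
        if repo_default == "permissive":
            return {s: "write" for s in SCOPES}
        # "restricted" default: read access to contents and packages only
        return {s: "read" if s in ("contents", "packages") else "none"
                for s in SCOPES}
    if perms in ("read-all", "write-all"):
        return {s: perms.split("-")[0] for s in SCOPES}
    # Mapping form: every scope that is not listed becomes "none".
    return {s: perms.get(s, "none") for s in SCOPES}

def effective(workflow, job, repo_default):
    """Scopes one job's token gets; a job-level block replaces the workflow's."""
    spec = workflow["jobs"][job]
    perms = spec["permissions"] if "permissions" in spec else workflow.get("permissions")
    return expand(perms, repo_default)

def write_scopes(workflow, repo_default):
    """Map each job that ends up with any write scope to those scopes."""
    found = {}
    for job in workflow["jobs"]:
        scopes = effective(workflow, job, repo_default)
        writable = sorted(s for s, level in scopes.items() if level == "write")
        if writable:
            found[job] = writable
    return found

# Constructed workflows. `cancel-previous` is the job named in the quoted
# patch; `build` is a hypothetical job with no permissions block of its own.
JOBS = {"cancel-previous": {"permissions": {"actions": "write"}}, "build": {}}
WITH_DEFAULT = {"permissions": {"contents": "read"}, "jobs": JOBS}
WITHOUT_DEFAULT = {"jobs": JOBS}

if __name__ == "__main__":
    for label, wf in (("with block", WITH_DEFAULT), ("without", WITHOUT_DEFAULT)):
        for default in ("permissive", "restricted"):
            print(label, default, write_scopes(wf, default))
```

With the workflow-level block in place the repository default no longer matters for jobs that inherit it; without it, a permissive repository setting gives every such job write access.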