I have noticed that according to https://docs.github.com/en/free-pro-team@latest/actions/managing-workflow-runs/re-running-a-workflow, “Read Access” is all I need to re-run a workflow but from working with https://github.com/alluxio/alluxio/ repo, it doesn’t appear to be the case. I would like to avoid giving everyone write permissions for people to have this feature (this was the lowest level of permission that was required to make this work), is there an alternative?
I can reproduce the same behavior.
According to my test, the collaborators who are at least the “Write” role can run, re-run, cancel and delete workflow runs in a repository.
The collaborators who are the “Read” or “Triage” role can only view workflow runs in the repository.
Yep that is exactly the behavior we see as well. We migrated to github-actions because we trusted the docs and assumed that our contributors can rerun workflows easily.
I have created and issue ticket (github/docs#644) to report the issue of the docs to the appropriate engineering team for further investigation and evaluation.
You can follow this issue ticket and add your comments to it.
As i can see in this ticket and inn reality the permission needed is a write permission.
This is a great inconvenience for the team i work.
We have new programmers we don’t want to give write permission to our main repository but want to give them the option to rerun the pr job. This could be due to flaky tests. Wouldn’t it make sense to give run permissions for people who have read or at least triage permissions? If not wouldn’t it make sense to have a different permission to run jobs, or to have a decision per job to set the permission manually?