Make the "Actions" tab public #24989
-
There should be an easy way for the public to see the workflow jobs. |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments
-
Agreed - we’re working on it. Thanks! |
Beta Was this translation helpful? Give feedback.
-
This seems to have been released. Thanks! |
Beta Was this translation helpful? Give feedback.
-
Is it though? I don’t see my actions public at https://github.com/tmux-python/libtmux/actions when logged out. I don’t see an option to do it. Same goes with pull requests tmux-python/libtmux#245, I only see it when logged in (in this case I’m a member of the org) |
Beta Was this translation helpful? Give feedback.
-
This feature was present for a while but was removed for security reasons. This is a security measure to help minimize the chances of content being scraped and other possible risks. |
Beta Was this translation helpful? Give feedback.
-
Could you elaborate on this?
I fail to see the advantages of returning a 404 error over just displaying it for guests. However, I do see drawbacks in restricting this:
What w_ould_ potentially increase security is, if logs were (/ could be) restricted to repository owners or were made public (including GitHub users) with delay. Also ability to delete logs would be useful (as damage control) in combination with those things. |
Beta Was this translation helpful? Give feedback.
-
I can see how making the logs public might cause security concerns. So how about instead having a public page that shows a summary of the build without showing the logs. For example, it could just list each job and step name, with either a green checkmark or a red X to indicate whether that job/step passed. Bonus points if it has a graph that shows the pass/fail rsults over time. I’m envisioning something that looks like the Postman Monitors dashboard. |
Beta Was this translation helpful? Give feedback.
-
Public logs should be an option, this is just kind of anti-collaborative. Why is this not simply a per project option if there are concerns? If projects can’t manage to keep their CI logs clean fine let them hide them, but my CI only accesses public resources and the entire docker script is in the repo itself, so it couldn’t be more pointless to hide the logs. And it really hurts collaboration when I mention a bug I saw in CI on some external bug tracker, and then I can’t link it. It’s also silly to me that the entirety of the CI setup script and the entire project code is already google “scraped”, but then it’s suddenly a problem when the action logs of building openly available code are public? I don’t get it. |
Beta Was this translation helpful? Give feedback.
This seems to have been released. Thanks!