Skip to content

create a "wrapper" action to upload to crowdin and then download #2004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
briwylde08 merged 1 commit into from
Nov 24, 2025
Merged

create a "wrapper" action to upload to crowdin and then download #2004

briwylde08 merged 1 commit into from
Nov 24, 2025

Conversation

@ElliotFriend
Copy link
Contributor

@ElliotFriend ElliotFriend commented Nov 13, 2025
edited
Loading

Similar goal to #1990, but a different approach. not sure if one is better or more suited than the other, though. wanted to put it out there to get some eyeballs on it

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 13, 2025
View reviewed changes
.github/workflows/crowdin-manual-workflow.yml
Comment on lines +8 to +10
uses: ./.github/workflows/crowdin-upload-workflow.yml

trigger-download:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 1 month ago

The fix involves specifying a permissions block at either the root of the workflow or for each job (here, setting it at the root is recommended as both jobs are simple triggers of reusable workflows and likely need very few permissions). Ordinarily, workflows that trigger other workflows do not require write permissions; they only need minimal contents: read, unless the downstream workflow needs more. Adding the following block right after the workflow name sets the least-privilege permissions for all jobs in the workflow:

permissions:
  contents: read

This change should be added after the name: field and before the on: block to match typical GitHub Actions conventions.

Suggested changeset 1
.github/workflows/crowdin-manual-workflow.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/crowdin-manual-workflow.yml b/.github/workflows/crowdin-manual-workflow.yml
--- a/.github/workflows/crowdin-manual-workflow.yml
+++ b/.github/workflows/crowdin-manual-workflow.yml
@@ -1,4 +1,6 @@
 name: Crowdin Manual Upload and Download
+permissions:
+  contents: read
 
 on:
   workflow_dispatch:
EOF
@@ -1,4 +1,6 @@
name: Crowdin Manual Upload and Download
permissions:
contents: read

on:
workflow_dispatch:
Copilot is powered by AI and may make mistakes. Always verify output.
.github/workflows/crowdin-manual-workflow.yml
Comment on lines +11 to +12
needs: [ trigger-upload ]
uses: ./.github/workflows/crowdin-download-workflow.yml

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 1 month ago

The fix is to add a permissions key at the root of your workflow file .github/workflows/crowdin-manual-workflow.yml. Since this workflow primarily coordinates uploads and downloads through reusable workflows, and likely does not itself require write-level repository permissions, you should explicitly set minimal privileges. Unless the workflow directly creates pull requests, pushes changes, or interacts with issues, contents: read is a safe default permission. If later you discover that more granular permission (e.g., pull-requests: write) is necessary for these jobs, you can add it, but starting with a root-level read-only permission is best. Insert the following block under the name line (after line 1).

Suggested changeset 1
.github/workflows/crowdin-manual-workflow.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/crowdin-manual-workflow.yml b/.github/workflows/crowdin-manual-workflow.yml
--- a/.github/workflows/crowdin-manual-workflow.yml
+++ b/.github/workflows/crowdin-manual-workflow.yml
@@ -1,4 +1,6 @@
 name: Crowdin Manual Upload and Download
+permissions:
+  contents: read
 
 on:
   workflow_dispatch:
EOF
@@ -1,4 +1,6 @@
name: Crowdin Manual Upload and Download
permissions:
contents: read

on:
workflow_dispatch:
Copilot is powered by AI and may make mistakes. Always verify output.
@stellar-jenkins
Copy link

stellar-jenkins commented Nov 13, 2025

Preview is available here:
http://developers-pr2004.previews.kube001.services.stellar-ops.com

@briwylde08 briwylde08 merged commit 7309f52 into main Nov 24, 2025
9 checks passed
@briwylde08 briwylde08 deleted the crowdin-manual-action branch November 24, 2025 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@briwylde08 briwylde08 briwylde08 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ElliotFriend @stellar-jenkins @briwylde08