Re: Heads Up: cirrus-ci is shutting down June 1st

Hi,

On 2026-05-27 15:15:46 -0700, Jacob Champion wrote:
> On Wed, May 27, 2026 at 11:10 AM Andres Freund <andres(at)anarazel(dot)de> wrote:
> > > +# Default to the minimum privilege the jobs need (just reading the repo
> > > +# contents during checkout). Individual jobs override this when they need
> > > +# more, e.g. `cancel-previous` needs `actions: write` to cancel runs.
> > > +permissions:
> > > + contents: read
> >
> > I'm not sure I like that we ever need more than that. I'd expect that
> > postgresql-cfbot will explicitly disable write permissions for runs.
>
> +1, and +1 for getting rid of the custom cancel, for that reason.
>
> - Do we need to defend our downstream forks from this workflow? (We
> have 5,700 of them, apparently.)

I don't see why. I think it's good if they run CI. Having forks not run CI by
default would imo take one of the main advantages of using github actions
away.

> - Do the pginfra folks who own the repo need to lock down all the
> Actions settings before we ship this? (On my fork, at least, the
> default settings were horrifically permissive.)

Yes, they are too permissive by default, including on postgres/postgres. I
think postgres/postgres isn't *that* threatened, but we should make things are
shored up anyway. Where it's really crucial is the postgresql-cfbot repo.

Greetings,

Andres Freund