From 34cba04bafc67af496f689ed8ae5d9bd35a93a25 Mon Sep 17 00:00:00 2001 From: Alp Kose Date: Mon, 4 Mar 2024 17:42:43 +0300 Subject: [PATCH 1/3] ci: fix unittest permissions for release workflow --- .github/workflows/release.yml | 2 ++ .github/workflows/sub_unittest.yml | 18 +++++++----------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82ec16f..5aeccfc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,6 +53,8 @@ jobs: unit_tests: name: Validate all Unit Tests pass needs: pyversion + permissions: + contents: write uses: ./.github/workflows/sub_unittest.yml with: python_version: ${{ needs.pyversion.outputs.pyversion }} diff --git a/.github/workflows/sub_unittest.yml b/.github/workflows/sub_unittest.yml index 599a615..5e9d4bc 100644 --- a/.github/workflows/sub_unittest.yml +++ b/.github/workflows/sub_unittest.yml @@ -12,13 +12,6 @@ on: type: string required: true - -permissions: - # Gives the action the necessary permissions for pushing data to the - # python-coverage-comment-action branch, and for editing existing - # comments (to avoid publishing multiple comments in the same PR) - contents: write - jobs: unittests: 
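Review bot: The `permissions: contents: write` added to the `unit_tests` caller job carries no comment naming the step that needs write access, and this same patch removes the callee's workflow-level `permissions` block, so nothing visible in `sub_unittest.yml` requests it any more. A caller grant flows to every job of the called workflow, including the one that runs `poetry run make test_coverage`. The coverage steps are gated on `pull_request`, which a release run presumably is not (the trigger is outside the hunk). If no release-time step pushes to the repository, `contents: read` keeps the test job on a read-only token; otherwise add a comment naming the step that requires the write.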
@@ -45,19 +38,22 @@ jobs: - name: Run unit tests and coverage run: poetry run make test_coverage + upload_coverage: + name: Upload coverage results to artifact + runs-on: ubuntu-latest + if: ${{ github.event_name == 'pull_request' }} + + steps: # coverage results comment is uploaded to artifact to be written by post PR workflow run - name: Coverage comment id: coverage_comment uses: py-cov-action/python-coverage-comment-action@v3 with: GITHUB_TOKEN: ${{ github.token }} - if: ${{ github.event_name == 'pull_request' }} - name: Store Pull Request comment to be posted uses: actions/upload-artifact@v4 - if: | - ${{ github.event_name == 'pull_request' && - steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true' }} + if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true' with: name: python-coverage-comment-action path: python-coverage-comment-action.txt From 08d12ccb60fc6139eeaacf876d72d196ef50d379 Mon Sep 17 00:00:00 2001 From: Alp Kose Date: Mon, 4 Mar 2024 17:48:08 +0300 Subject: [PATCH 2/3] ci: unittests assign coverage permissions to required job only --- .github/workflows/sub_unittest.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/sub_unittest.yml b/.github/workflows/sub_unittest.yml index 5e9d4bc..a75fb94 100644 --- a/.github/workflows/sub_unittest.yml +++ b/.github/workflows/sub_unittest.yml @@ -42,6 +42,11 @@ jobs: name: Upload coverage results to artifact runs-on: ubuntu-latest if: ${{ github.event_name == 'pull_request' }} + permissions: + # Gives the action the necessary permissions for pushing data to the + # python-coverage-comment-action branch, and for editing existing + # comments (to avoid publishing multiple comments in the same PR) + contents: write steps: # coverage results comment is uploaded to artifact to be written by post PR workflow run From 11febd1dfa7ef92e52710b0739278a185d73dbc7 Mon Sep 17 00:00:00 2001 
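Review bot: The new `upload_coverage` job has no `needs: unittests` and no checkout or artifact-download step before "Coverage comment". It therefore starts on a fresh runner in parallel with the tests, and the coverage action would find no coverage data from `make test_coverage`. Add `needs: unittests` and pass the coverage data file between the jobs, for example with an upload step at the end of `unittests` and a download step here. The job's remaining steps may continue past the end of the hunk.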
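Review bot: `contents: write` on `upload_coverage` looks broader than a job gated on `pull_request` needs. The comment copied with it talks about pushing to the data branch and editing comments, while the step comment just below says the comment is stored in an artifact for a later workflow to post. The token is passed to `py-cov-action/python-coverage-comment-action@v3` (visible in the previous patch), which is referenced by a movable tag rather than a commit. Consider `contents: read` if pull-request runs only read the data branch (confirm against the action's documentation), and pin the action as `@<full-commit-sha>`.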
From: Alp Kose Date: Mon, 4 Mar 2024 18:06:18 +0300 Subject: [PATCH 3/3] ci: unittests revert back changes --- .github/workflows/sub_unittest.yml | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/sub_unittest.yml b/.github/workflows/sub_unittest.yml index a75fb94..599a615 100644 --- a/.github/workflows/sub_unittest.yml +++ b/.github/workflows/sub_unittest.yml @@ -12,6 +12,13 @@ on: type: string required: true + +permissions: + # Gives the action the necessary permissions for pushing data to the + # python-coverage-comment-action branch, and for editing existing + # comments (to avoid publishing multiple comments in the same PR) + contents: write + jobs: unittests: @@ -38,27 +45,19 @@ jobs: - name: Run unit tests and coverage run: poetry run make test_coverage - upload_coverage: - name: Upload coverage results to artifact - runs-on: ubuntu-latest - if: ${{ github.event_name == 'pull_request' }} - permissions: - # Gives the action the necessary permissions for pushing data to the - # python-coverage-comment-action branch, and for editing existing - # comments (to avoid publishing multiple comments in the same PR) - contents: write - - steps: # coverage results comment is uploaded to artifact to be written by post PR workflow run - name: Coverage comment id: coverage_comment uses: py-cov-action/python-coverage-comment-action@v3 with: GITHUB_TOKEN: ${{ github.token }} + if: ${{ github.event_name == 'pull_request' }} - name: Store Pull Request comment to be posted uses: actions/upload-artifact@v4 - if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true' + if: | + ${{ github.event_name == 'pull_request' && + steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true' }} with: name: python-coverage-comment-action path: python-coverage-comment-action.txt
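Review bot: The restored workflow-level `permissions` comment does not say that every caller of this reusable workflow must grant the same scope, which appears to be what the first patch in this series had to fix in `release.yml`. A called workflow cannot request more than its caller allows, so a future caller without the grant will fail at validation with no hint in this file. Suggested extra comment line: `# Callers (e.g. release.yml) must also grant contents: write, or the workflow call is rejected.`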
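Review bot: The restored `if: |` on "Store Pull Request comment to be posted" puts a `${{ }}` expression inside a literal block scalar, so the value ends with a newline and is likely treated as a non-empty string rather than a boolean. That would make the condition always truthy, and the upload step would run on every event regardless of `COMMENT_FILE_WRITTEN`. A single-line condition without the wrapper keeps both checks: `if: github.event_name == 'pull_request' && steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true'`. The step's `with:` block continues to the end of the hunk and needs no change.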