From 456ceb8c0fb31b91996854b57760149a6658a3cf Mon Sep 17 00:00:00 2001 From: Robert Hafner Date: Mon, 30 Mar 2026 16:08:43 -0500 Subject: [PATCH] fix: add contents:read permission to pypi workflow and fix migration check to use temp DB MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - pypi workflow only had id-token:write; declaring any permissions key drops all others to none, so checkout failed with 'repository not found' on private repos. Added contents:read to restore checkout access. - check_ungenerated_migrations ran alembic check against whatever database DATABASE_URL pointed to. In CI there is no pre-existing database, so alembic reported 'Target database is not up to date' before comparing models to migrations at all. Updated the target to create a fresh temp DB, run upgrade head, then check, then clean up — matching the create_migration pattern. --- {{cookiecutter.__package_slug}}/.github/workflows/pypi.yaml | 1 + {{cookiecutter.__package_slug}}/makefile | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/{{cookiecutter.__package_slug}}/.github/workflows/pypi.yaml b/{{cookiecutter.__package_slug}}/.github/workflows/pypi.yaml index 6de86c3..5912d44 100644 --- a/{{cookiecutter.__package_slug}}/.github/workflows/pypi.yaml +++ b/{{cookiecutter.__package_slug}}/.github/workflows/pypi.yaml @@ -19,6 +19,7 @@ jobs: pypi: runs-on: ubuntu-latest permissions: + contents: read id-token: write steps: - uses: actions/checkout@v6 diff --git a/{{cookiecutter.__package_slug}}/makefile b/{{cookiecutter.__package_slug}}/makefile index 932c074..d077504 100644 --- a/{{cookiecutter.__package_slug}}/makefile +++ b/{{cookiecutter.__package_slug}}/makefile @@ -180,6 +180,9 @@ create_migration: .PHONY: check_ungenerated_migrations check_ungenerated_migrations: - $(UV) run alembic check + rm -f $(MIGRATION_DATABASE) + DATABASE_URL=sqlite:///$(MIGRATION_DATABASE) $(UV) run alembic upgrade head + DATABASE_URL=sqlite:///$(MIGRATION_DATABASE) $(UV) run alembic check + rm -f $(MIGRATION_DATABASE) {% endif %}