From b26493c7f2223cc1a54a5fa3eb3e49e66af3cc65 Mon Sep 17 00:00:00 2001 From: David Cassany Date: Tue, 9 Jul 2024 09:39:46 +0200 Subject: [PATCH] Fix workflows, permissions at top level Signed-off-by: David Cassany --- .github/workflows/build.yaml | 4 ++++ .github/workflows/build_and_test_arm.yaml | 7 ++++--- .github/workflows/build_and_test_x86.yaml | 6 ++++-- .github/workflows/cli.yaml | 7 +++++-- .github/workflows/docs-publish.yaml | 7 +++++-- 5 files changed, 22 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 389b6211c77..d96f56404a3 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -19,6 +19,10 @@ on: - go.sum - examples/** +permissions: + content: read + pull-requests: read + jobs: permissions: content: read diff --git a/.github/workflows/build_and_test_arm.yaml b/.github/workflows/build_and_test_arm.yaml index 5e811c3dae5..83652c37e8b 100644 --- a/.github/workflows/build_and_test_arm.yaml +++ b/.github/workflows/build_and_test_arm.yaml @@ -14,10 +14,11 @@ concurrency: group: ci-${{ inputs.flavor }}-aarch64-${{ github.head_ref || github.ref }}-${{ github.repository }} cancel-in-progress: true -jobs: +permissions: + content: read + pull-requests: read - permissions: - content: read +jobs: build-iso: needs: detect runs-on: [self-hosted, arm64] diff --git a/.github/workflows/build_and_test_x86.yaml b/.github/workflows/build_and_test_x86.yaml index 7efddec09b3..fb9ddac13c9 100644 --- a/.github/workflows/build_and_test_x86.yaml +++ b/.github/workflows/build_and_test_x86.yaml @@ -11,9 +11,11 @@ concurrency: group: ci-${{ inputs.flavor }}-x86_64-${{ github.head_ref || github.ref }}-${{ github.repository }} cancel-in-progress: true +permissions: + content: read + pull-requests: read + jobs: - permissions: - content: read build-os: permissions: packages: write diff --git a/.github/workflows/cli.yaml b/.github/workflows/cli.yaml index 3116be1ee79..645553df724 100644 --- a/.github/workflows/cli.yaml +++ b/.github/workflows/cli.yaml @@ -14,9 +14,12 @@ on: push: branches: - main + +permissions: + content: read + pull-requests: read + jobs: - permissions: - content: read build: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/docs-publish.yaml b/.github/workflows/docs-publish.yaml index 28eac3b1344..6d46463cf2e 100644 --- a/.github/workflows/docs-publish.yaml +++ b/.github/workflows/docs-publish.yaml @@ -8,9 +8,12 @@ on: - main schedule: - cron: 0 20 * * * + +permissions: + content: read + pull-requests: read + jobs: - permissions: - content: read build-deploy: runs-on: ubuntu-latest steps: