Skip to content

Commit

Permalink
ci(permissions): update token permissions requests(#1784)
Browse files Browse the repository at this point in the history
  • Loading branch information
mwangggg authored Nov 20, 2023
1 parent 3d8484a commit 6b43da7
Show file tree
Hide file tree
Showing 4 changed files with 14 additions and 14 deletions.
4 changes: 0 additions & 4 deletions .github/workflows/ci-build-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,6 @@ on:
description: the Cryostat application version that will be built
value: ${{ jobs.get-pom-properties.outputs.image-version }}

permissions:
contents: read
packages: read

jobs:
get-pom-properties:
runs-on: ubuntu-latest
Expand Down
4 changes: 0 additions & 4 deletions .github/workflows/ci-code-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,6 @@ on:
required: false
type: string

permissions:
contents: read
packages: read

jobs:
spotless:
runs-on: ubuntu-latest
Expand Down
6 changes: 1 addition & 5 deletions .github/workflows/integrated-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,6 @@ on:
type: boolean
default: false

permissions:
contents: read
packages: read

jobs:
integration-tests:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -68,7 +64,7 @@ jobs:
- name: Run integration tests
run: POD_NAME=cryostat-itests CONTAINER_NAME=cryostat-itest ITEST_IMG_VERSION=latest bash repeated-integration-tests.bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Print itest logs
if: failure()
run: ls -1dt target/cryostat-itest-*.log | head -n1 | xargs cat
Expand Down
14 changes: 13 additions & 1 deletion .github/workflows/pr-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,8 @@ jobs:
start-comment:
runs-on: ubuntu-latest
needs: [check-before-build]
permissions:
pull-requests: write
steps:
- name: Leave Actions Run Comment
uses: actions/github-script@v6
Expand All @@ -99,11 +101,13 @@ jobs:
strategy:
matrix:
arch: [amd64, arm64]
permissions:
pull-requests: write
uses: ./.github/workflows/ci-build-image.yml
with:
build-arch: ${{ matrix.arch }}
checkout-repo: ${{ needs.checkout-branch.outputs.PR_repo }}
checkout-ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
checkout-ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}

push-to-ghcr:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -202,6 +206,8 @@ jobs:
integration-test-pass:
runs-on: ubuntu-latest
needs: [integration-test]
permissions:
pull-requests: write
steps:
- name: Leave Actions Run Comment
uses: actions/github-script@v6
Expand All @@ -219,6 +225,8 @@ jobs:
retest-integration-pass:
runs-on: ubuntu-latest
needs: [retest-integration]
permissions:
pull-requests: write
steps:
- name: Leave Actions Run Comment
uses: actions/github-script@v6
Expand All @@ -236,6 +244,8 @@ jobs:
comment-integration-test-fail:
if: (always() && contains(needs.*.result, 'failure'))
needs: [integration-test]
permissions:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v6
Expand All @@ -253,6 +263,8 @@ jobs:
comment-retest-integration-fail:
if: (always() && contains(needs.*.result, 'failure'))
needs: [retest-integration]
permissions:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v6
Expand Down

0 comments on commit 6b43da7

Please sign in to comment.