From 1ee29df7d4041c91cdf4efd0e835b3814b903639 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Dec 2025 15:26:34 +0000 Subject: [PATCH 1/7] Bump super-linter/super-linter from 8.0.0 to 8.3.0 Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 8.0.0 to 8.3.0. - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/v8.0.0...v8.3.0) --- updated-dependencies: - dependency-name: super-linter/super-linter dependency-version: 8.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/super_linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/super_linter.yml b/.github/workflows/super_linter.yml index 61e05068..28095f31 100644 --- a/.github/workflows/super_linter.yml +++ b/.github/workflows/super_linter.yml @@ -27,7 +27,7 @@ jobs: fetch-depth: 0 - name: Lint Code Base - uses: super-linter/super-linter/slim@v8.0.0 + uses: super-linter/super-linter/slim@v8.3.0 env: VALIDATE_ALL_CODEBASE: false VALIDATE_CHECKOV: false From d16eb35ffd6a7b45fff57521e98a83c90e0d0679 Mon Sep 17 00:00:00 2001 From: ppinchuk Date: Sat, 14 Feb 2026 12:19:37 -0700 Subject: [PATCH 2/7] Fix typos --- docs/source/conf.py | 2 +- examples/example_developers.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index 7f1d4fb0..004aa285 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -127,7 +127,7 @@ html_context = { "display_github": True, - "github_user": "nlr", + "github_user": "NatLabRockies", "github_repo": "gaps", "github_version": "main", "conf_py_path": "/docs/source/", diff --git a/examples/example_developers.rst b/examples/example_developers.rst index 668925f0..264b4169 100644 --- a/examples/example_developers.rst +++ b/examples/example_developers.rst @@ -723,4 +723,4 @@ to render the CLI documentation for you in a visually appealing format. For an e Questions? ---------- If you run into any issues or questions while coupling GAPs with your model, please reach out to -Paul Pinchuk (ppinchuk@nrl.gov). +Paul Pinchuk (ppinchuk@nlr.gov). From 08dcdae23eb4415595596beb547bd2d7c0835271 Mon Sep 17 00:00:00 2001 From: ppinchuk Date: Sat, 14 Feb 2026 12:19:44 -0700 Subject: [PATCH 3/7] Minor update to name --- pixi.lock | 4 ++-- pyproject.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pixi.lock b/pixi.lock index bcb525a0..48edd011 100644 --- a/pixi.lock +++ b/pixi.lock @@ -6698,8 +6698,8 @@ packages: timestamp: 1771078206376 - pypi: ./ name: nlr-gaps - version: 0.8.12.dev15+ge5e924373.d20260214 - sha256: 454b58ae9a65d812027658ad7556f04b55540312c4b3cdebf55afe135825c39c + version: 0.8.12.dev20+g5358eced4.d20260214 + sha256: 44b8b547a0185f34d42795b3c1a1fa85e71f8bd6488ac7d2d12ba5fa94a86b0c requires_dist: - click>=8.1.8 - colorama>=0.4.6 diff --git a/pyproject.toml b/pyproject.toml index ac156edf..3c8d29fb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -104,7 +104,7 @@ channels = ["conda-forge", "anaconda", "main"] platforms = ["osx-arm64", "osx-64", "linux-64", "win-64"] [tool.pixi.pypi-dependencies] -NLR-gaps = { path = ".", editable = true } +NLR-GAPs = { path = ".", editable = true } [tool.pixi.environments] default = { solve-group = "default" } From 2e30066a754f54b7aa0257f69e710d611c7497f7 Mon Sep 17 00:00:00 2001 From: ppinchuk Date: Sat, 14 Feb 2026 12:41:19 -0700 Subject: [PATCH 4/7] Fixes --- .github/workflows/docs.yml | 1 + .github/workflows/pixi_tests.yml | 2 ++ .github/workflows/publish_to_pypi.yml | 1 + .github/workflows/super_linter.yml | 6 +++++- .github/workflows/tests_tox.yml | 4 ++++ 5 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 4f7e91a6..c94f4a09 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -18,6 +18,7 @@ jobs: with: fetch-depth: 0 fetch-tags: true + persist-credentials: false - uses: prefix-dev/setup-pixi@v0.9.4 with: diff --git a/.github/workflows/pixi_tests.yml b/.github/workflows/pixi_tests.yml index 625023a9..ea862915 100644 --- a/.github/workflows/pixi_tests.yml +++ b/.github/workflows/pixi_tests.yml @@ -20,6 +20,8 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + fetch-tags: true + persist-credentials: false - uses: prefix-dev/setup-pixi@v0.9.4 with: diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 44b26e4a..9e53fce5 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -20,6 +20,7 @@ jobs: with: fetch-depth: 0 fetch-tags: true + persist-credentials: false - uses: prefix-dev/setup-pixi@v0.9.4 with: diff --git a/.github/workflows/super_linter.yml b/.github/workflows/super_linter.yml index 70121f2f..41ba9128 100644 --- a/.github/workflows/super_linter.yml +++ b/.github/workflows/super_linter.yml @@ -25,11 +25,15 @@ jobs: # super-linter needs the full git history to get the # list of files that changed across commits fetch-depth: 0 + fetch-tags: true + persist-credentials: false - name: Lint Code Base - uses: super-linter/super-linter/slim@v8.3.0 + uses: super-linter/super-linter/slim@61abc07d755095a68f4987d1c2c3d1d64408f1f9 env: VALIDATE_ALL_CODEBASE: false + VALIDATE_BIOME_LINT: false + VALIDATE_BIOME_FORMAT: false VALIDATE_CHECKOV: false VALIDATE_CSS: false VALIDATE_GITHUB_ACTIONS: false diff --git a/.github/workflows/tests_tox.yml b/.github/workflows/tests_tox.yml index 583e995b..b11bda44 100644 --- a/.github/workflows/tests_tox.yml +++ b/.github/workflows/tests_tox.yml @@ -22,6 +22,8 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + fetch-tags: true + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v6 @@ -67,6 +69,8 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + fetch-tags: true + persist-credentials: false - name: Set up Python 3.9 uses: actions/setup-python@v6 From 698bfad7c49dcc1e3c77f3db86d8126da49c2980 Mon Sep 17 00:00:00 2001 From: ppinchuk Date: Sat, 14 Feb 2026 17:09:37 -0700 Subject: [PATCH 5/7] Use hashes --- .github/workflows/apptainer-build-deploy.yml | 2 +- .github/workflows/codecov.yml | 4 ++-- .github/workflows/docs.yml | 4 ++-- .github/workflows/linter.yml | 4 ++-- .github/workflows/pixi_tests.yml | 2 +- .github/workflows/pr_rev_cli_tests.yml | 2 +- .github/workflows/publish_to_pypi.yml | 4 ++-- .github/workflows/release_drafter.yml | 2 +- .github/workflows/super_linter.yml | 1 + .github/workflows/tests_tox.yml | 8 ++++---- .github/workflows/wildows_pytests.yml | 2 +- 11 files changed, 18 insertions(+), 17 deletions(-) diff --git a/.github/workflows/apptainer-build-deploy.yml b/.github/workflows/apptainer-build-deploy.yml index f96dd31b..8b73ca3b 100644 --- a/.github/workflows/apptainer-build-deploy.yml +++ b/.github/workflows/apptainer-build-deploy.yml @@ -43,7 +43,7 @@ jobs: # singularity push container.sif oras://ghcr.io/${GITHUB_REPOSITORY}:${tag} - name: Upload container to release - uses: svenstaro/upload-release-action@v2 + uses: svenstaro/upload-release-action@6b7fa9f267e90b50a19fef07b3596790bb941741 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: ${{ matrix.artifact_name }} diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 55d05086..5f77387a 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -16,7 +16,7 @@ jobs: ref: ${{ github.event.pull_request.head.ref || github.ref }} fetch-depth: 1 - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: 3.13 - name: Install dependencies @@ -28,7 +28,7 @@ jobs: run: | pytest -v --cov=gaps --cov-report=html --cov-branch --cov-report=xml:coverage.xml --cov-fail-under=95 - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage.xml diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index c94f4a09..07f2a1b9 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -20,7 +20,7 @@ jobs: fetch-tags: true persist-credentials: false - - uses: prefix-dev/setup-pixi@v0.9.4 + - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e with: pixi-version: v0.62.2 locked: true @@ -34,7 +34,7 @@ jobs: pixi run -e dev python-docs - name: deploy - uses: peaceiris/actions-gh-pages@v4.0.0 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./docs/_build/html diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index d9970e76..12c3ad1b 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -13,12 +13,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: astral-sh/ruff-action@v3 + - uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 with: version: "latest" args: check src: "./gaps" - - uses: astral-sh/ruff-action@v3 + - uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 with: version: "latest" args: format --check diff --git a/.github/workflows/pixi_tests.yml b/.github/workflows/pixi_tests.yml index ea862915..b47a8571 100644 --- a/.github/workflows/pixi_tests.yml +++ b/.github/workflows/pixi_tests.yml @@ -23,7 +23,7 @@ jobs: fetch-tags: true persist-credentials: false - - uses: prefix-dev/setup-pixi@v0.9.4 + - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e with: pixi-version: v0.62.2 locked: true diff --git a/.github/workflows/pr_rev_cli_tests.yml b/.github/workflows/pr_rev_cli_tests.yml index 8cf24d21..9231b259 100644 --- a/.github/workflows/pr_rev_cli_tests.yml +++ b/.github/workflows/pr_rev_cli_tests.yml @@ -19,7 +19,7 @@ jobs: fetch-depth: 1 path: reV - name: Set up Python - uses: conda-incubator/setup-miniconda@v3 + uses: conda-incubator/setup-miniconda@fc2d68f6413eb2d87b895e92f8584b5b94a10167 with: auto-update-conda: true python-version: 3.9 diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 9e53fce5..b92e61aa 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -22,7 +22,7 @@ jobs: fetch-tags: true persist-credentials: false - - uses: prefix-dev/setup-pixi@v0.9.4 + - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e with: pixi-version: v0.62.2 locked: true @@ -34,4 +34,4 @@ jobs: run: pixi run -e dev build-wheels - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e diff --git a/.github/workflows/release_drafter.yml b/.github/workflows/release_drafter.yml index cf1c4f7f..13f6ab40 100644 --- a/.github/workflows/release_drafter.yml +++ b/.github/workflows/release_drafter.yml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Release Drafter - uses: release-drafter/release-drafter@v6.1.0 + uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/super_linter.yml b/.github/workflows/super_linter.yml index 41ba9128..15b7cbf5 100644 --- a/.github/workflows/super_linter.yml +++ b/.github/workflows/super_linter.yml @@ -48,6 +48,7 @@ jobs: VALIDATE_PYTHON_PYINK: false VALIDATE_PYTHON_PYLINT: false VALIDATE_PYTHON_RUFF: false + VALIDATE_SPELL_CODESPELL: false VALIDATE_YAML: false VALIDATE_YAML_PRETTIER: false DEFAULT_BRANCH: origin/main diff --git a/.github/workflows/tests_tox.yml b/.github/workflows/tests_tox.yml index b11bda44..43d52847 100644 --- a/.github/workflows/tests_tox.yml +++ b/.github/workflows/tests_tox.yml @@ -26,7 +26,7 @@ jobs: persist-credentials: false - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} cache: 'pip' @@ -37,7 +37,7 @@ jobs: python -m pip install tox tox-gh-actions>=2.0 - name: Load tox cache - uses: actions/cache/restore@v5 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 with: path: .tox/ key: ${{ runner.os }}-${{ matrix.python-version }}-tox-v1-${{ hashFiles('**/pyproject.toml') }} @@ -51,7 +51,7 @@ jobs: - name: Save tox cache only on main if: github.ref == 'refs/heads/main' - uses: actions/cache/save@v5 + uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 with: path: .tox/ key: ${{ runner.os }}-${{ matrix.python-version }}-tox-v1-${{ hashFiles('**/pyproject.toml') }} @@ -73,7 +73,7 @@ jobs: persist-credentials: false - name: Set up Python 3.9 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: 3.9 diff --git a/.github/workflows/wildows_pytests.yml b/.github/workflows/wildows_pytests.yml index 00f189b9..9e3eee8e 100644 --- a/.github/workflows/wildows_pytests.yml +++ b/.github/workflows/wildows_pytests.yml @@ -16,7 +16,7 @@ jobs: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 1 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} - name: Install Dependencies From da95a51938fe2f32c9a4ddc340e252fc88b394b5 Mon Sep 17 00:00:00 2001 From: ppinchuk Date: Sat, 14 Feb 2026 17:16:43 -0700 Subject: [PATCH 6/7] Add `persist-credentials` --- .github/workflows/apptainer-build-deploy.yml | 4 ++++ .github/workflows/codecov.yml | 2 ++ .github/workflows/linter.yml | 4 ++++ .github/workflows/pr_rev_cli_tests.yml | 4 ++++ .github/workflows/wildows_pytests.yml | 2 ++ 5 files changed, 16 insertions(+) diff --git a/.github/workflows/apptainer-build-deploy.yml b/.github/workflows/apptainer-build-deploy.yml index 8b73ca3b..5a333f17 100644 --- a/.github/workflows/apptainer-build-deploy.yml +++ b/.github/workflows/apptainer-build-deploy.yml @@ -32,6 +32,10 @@ jobs: - name: Check out code for the container builds uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 + fetch-tags: true + persist-credentials: false - name: Build Container run: | diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 5f77387a..d96f61b3 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -15,6 +15,8 @@ jobs: with: ref: ${{ github.event.pull_request.head.ref || github.ref }} fetch-depth: 1 + fetch-tags: true + persist-credentials: false - name: Setup Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 12c3ad1b..34ce4625 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -13,6 +13,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 + fetch-tags: true + persist-credentials: false - uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 with: version: "latest" diff --git a/.github/workflows/pr_rev_cli_tests.yml b/.github/workflows/pr_rev_cli_tests.yml index 9231b259..898f0a1c 100644 --- a/.github/workflows/pr_rev_cli_tests.yml +++ b/.github/workflows/pr_rev_cli_tests.yml @@ -11,13 +11,17 @@ jobs: with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 1 + fetch-tags: true path: gaps + persist-credentials: false - name: checkout reV uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: NatLabRockies/reV fetch-depth: 1 path: reV + fetch-tags: true + persist-credentials: false - name: Set up Python uses: conda-incubator/setup-miniconda@fc2d68f6413eb2d87b895e92f8584b5b94a10167 with: diff --git a/.github/workflows/wildows_pytests.yml b/.github/workflows/wildows_pytests.yml index 9e3eee8e..3c4b66e0 100644 --- a/.github/workflows/wildows_pytests.yml +++ b/.github/workflows/wildows_pytests.yml @@ -15,6 +15,8 @@ jobs: with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 1 + fetch-tags: true + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: From 67e47245a437e8bd7476d5f981378d5ae0353d5c Mon Sep 17 00:00:00 2001 From: ppinchuk Date: Sat, 14 Feb 2026 17:20:34 -0700 Subject: [PATCH 7/7] Linter fixes --- .github/workflows/apptainer-build-deploy.yml | 2 +- .github/workflows/codecov.yml | 2 ++ .github/workflows/linter.yml | 2 ++ .github/workflows/pixi_tests.yml | 2 ++ .github/workflows/pr_rev_cli_tests.yml | 2 ++ .github/workflows/release_drafter.yml | 3 +++ .github/workflows/tests_tox.yml | 4 ++++ .github/workflows/wildows_pytests.yml | 2 ++ 8 files changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/workflows/apptainer-build-deploy.yml b/.github/workflows/apptainer-build-deploy.yml index 5a333f17..00fa8786 100644 --- a/.github/workflows/apptainer-build-deploy.yml +++ b/.github/workflows/apptainer-build-deploy.yml @@ -22,7 +22,7 @@ jobs: # artifact_name: mything # asset_name: mything-macos-amd64 permissions: - write-all + contents: write container: image: quay.io/singularity/singularity:v3.8.1 diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index d96f61b3..e0b19e81 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -10,6 +10,8 @@ jobs: cov: name: Codecov runs-on: ubuntu-latest + permissions: + contents: read steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 34ce4625..52a0525f 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -11,6 +11,8 @@ jobs: lint: name: Lint Code Base with Ruff runs-on: ubuntu-latest + permissions: + contents: read steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: diff --git a/.github/workflows/pixi_tests.yml b/.github/workflows/pixi_tests.yml index b47a8571..8e72b6d7 100644 --- a/.github/workflows/pixi_tests.yml +++ b/.github/workflows/pixi_tests.yml @@ -9,6 +9,8 @@ on: jobs: tests: runs-on: ${{ matrix.os }} + permissions: + contents: read strategy: fail-fast: false max-parallel: 8 diff --git a/.github/workflows/pr_rev_cli_tests.yml b/.github/workflows/pr_rev_cli_tests.yml index 898f0a1c..8677649a 100644 --- a/.github/workflows/pr_rev_cli_tests.yml +++ b/.github/workflows/pr_rev_cli_tests.yml @@ -5,6 +5,8 @@ on: pull_request jobs: rev_cli_tests: runs-on: ubuntu-latest + permissions: + contents: read steps: - name: checkout gaps uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/release_drafter.yml b/.github/workflows/release_drafter.yml index 13f6ab40..6ca994b8 100644 --- a/.github/workflows/release_drafter.yml +++ b/.github/workflows/release_drafter.yml @@ -7,6 +7,9 @@ on: jobs: update_release_draft: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Release Drafter uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 diff --git a/.github/workflows/tests_tox.yml b/.github/workflows/tests_tox.yml index 43d52847..9b42c989 100644 --- a/.github/workflows/tests_tox.yml +++ b/.github/workflows/tests_tox.yml @@ -11,6 +11,8 @@ on: jobs: test-latest-deps: runs-on: ${{ matrix.os }} + permissions: + contents: read strategy: fail-fast: false max-parallel: 8 @@ -59,6 +61,8 @@ jobs: test-msv: runs-on: ${{ matrix.os }} if: github.event_name == 'pull_request' + permissions: + contents: read strategy: fail-fast: false max-parallel: 8 diff --git a/.github/workflows/wildows_pytests.yml b/.github/workflows/wildows_pytests.yml index 3c4b66e0..5c4b0fb2 100644 --- a/.github/workflows/wildows_pytests.yml +++ b/.github/workflows/wildows_pytests.yml @@ -5,6 +5,8 @@ on: pull_request jobs: pytest: runs-on: windows-latest + permissions: + contents: read strategy: fail-fast: false matrix: