From 2ce29ee6957c808918de8f85b37d32faa48151e0 Mon Sep 17 00:00:00 2001 From: Antony David Date: Sun, 15 Sep 2024 19:24:27 +0200 Subject: [PATCH 1/2] chore(ci): add gh token for setup-rust --- .github/workflows/bench_cli.yml | 1 + .github/workflows/benchmark.yml | 1 + .github/workflows/main.yml | 1 + .github/workflows/parser_conformance.yml | 1 + .github/workflows/pull_request.yml | 1 + .github/workflows/release_knope.yml | 3 +++ 6 files changed, 8 insertions(+) diff --git a/.github/workflows/bench_cli.yml b/.github/workflows/bench_cli.yml index fd2964abaf61..695c978eb48b 100644 --- a/.github/workflows/bench_cli.yml +++ b/.github/workflows/bench_cli.yml @@ -9,6 +9,7 @@ on: env: RUST_LOG: info + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: bench: diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index d7f79fb66186..2addc7df6c3b 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -22,6 +22,7 @@ on: env: RUST_LOG: info + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: bench: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2ab150cb8c00..4461acd2bf1c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -13,6 +13,7 @@ env: RUST_LOG: info RUST_BACKTRACE: 1 RUSTUP_WINDOWS_PATH_ADD_BIN: 1 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: format: diff --git a/.github/workflows/parser_conformance.yml b/.github/workflows/parser_conformance.yml index f35806f8d797..49cb1ef60118 100644 --- a/.github/workflows/parser_conformance.yml +++ b/.github/workflows/parser_conformance.yml @@ -15,6 +15,7 @@ on: env: RUST_LOG: info RUST_BACKTRACE: 1 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: coverage: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index cb8beda8a175..013157e65bce 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -22,6 +22,7 @@ env: RUST_LOG: info RUST_BACKTRACE: 1 RUSTUP_WINDOWS_PATH_ADD_BIN: 1 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: format: diff --git a/.github/workflows/release_knope.yml b/.github/workflows/release_knope.yml index bf31af078080..92d4f3a33a18 100644 --- a/.github/workflows/release_knope.yml +++ b/.github/workflows/release_knope.yml @@ -5,6 +5,9 @@ on: types: [ closed ] branches: [ main ] +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: retrieve-version: if: github.head_ref == 'release/automated-ci' && github.event.pull_request.merged == true From 192d8db75330f040701f053cf48d0279c2fba7ad Mon Sep 17 00:00:00 2001 From: Antony David Date: Sun, 15 Sep 2024 19:42:58 +0200 Subject: [PATCH 2/2] chore: limit token scope --- .github/workflows/bench_cli.yml | 3 ++- .github/workflows/benchmark.yml | 3 ++- .github/workflows/main.yml | 11 ++++++++++- .github/workflows/parser_conformance.yml | 3 ++- .github/workflows/pull_request.yml | 13 ++++++++++++- .github/workflows/release_knope.yml | 6 ++++-- 6 files changed, 32 insertions(+), 7 deletions(-) diff --git a/.github/workflows/bench_cli.yml b/.github/workflows/bench_cli.yml index 695c978eb48b..7591f406e6e6 100644 --- a/.github/workflows/bench_cli.yml +++ b/.github/workflows/bench_cli.yml @@ -9,7 +9,6 @@ on: env: RUST_LOG: info - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: bench: @@ -40,6 +39,8 @@ jobs: channel: stable cache-target: release cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install hyperfine run: cargo install hyperfine diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 2addc7df6c3b..59fa4af12250 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -22,7 +22,6 @@ on: env: RUST_LOG: info - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: bench: @@ -45,6 +44,8 @@ jobs: cache-target: release bins: cargo-codspeed cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Compile run: cargo codspeed build --features codspeed -p xtask_bench diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4461acd2bf1c..3c09ffc4b5fa 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -13,7 +13,6 @@ env: RUST_LOG: info RUST_BACKTRACE: 1 RUSTUP_WINDOWS_PATH_ADD_BIN: 1 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: format: @@ -34,6 +33,8 @@ jobs: components: rustfmt bins: taplo-cli cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run rustfmt run: | cargo fmt --all --verbose -- --check @@ -52,6 +53,8 @@ jobs: with: components: clippy cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run cargo check run: cargo check --workspace --all-targets --release - name: Run clippy @@ -70,6 +73,8 @@ jobs: with: channel: nightly cache: false + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install udeps run: cargo install cargo-udeps --locked - name: Run udeps @@ -93,6 +98,8 @@ jobs: uses: moonrepo/setup-rust@e013866c4215f77c925f42f60257dec7dd18836e # v1.2.1 with: cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run tests on ${{ matrix.os }} run: cargo test --workspace @@ -119,6 +126,8 @@ jobs: with: cache-target: release cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Compile run: cargo build --release --locked -p xtask_coverage - name: Run Test262 suite diff --git a/.github/workflows/parser_conformance.yml b/.github/workflows/parser_conformance.yml index 49cb1ef60118..8257b0d54aaf 100644 --- a/.github/workflows/parser_conformance.yml +++ b/.github/workflows/parser_conformance.yml @@ -15,7 +15,6 @@ on: env: RUST_LOG: info RUST_BACKTRACE: 1 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: coverage: @@ -44,6 +43,8 @@ jobs: with: cache-target: release cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Compile run: cargo build --release --locked -p xtask_coverage diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 013157e65bce..2fdae0fd1b6c 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -22,7 +22,6 @@ env: RUST_LOG: info RUST_BACKTRACE: 1 RUSTUP_WINDOWS_PATH_ADD_BIN: 1 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: format: @@ -39,6 +38,8 @@ jobs: components: rustfmt bins: taplo-cli cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run format run: | cargo fmt --all --check @@ -57,6 +58,8 @@ jobs: with: components: clippy cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run clippy run: | cargo lint @@ -94,6 +97,8 @@ jobs: uses: moonrepo/setup-rust@e013866c4215f77c925f42f60257dec7dd18836e # v1.2.1 with: cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run tests run: cargo test --workspace @@ -110,6 +115,8 @@ jobs: with: cache-target: release cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Build main binary run: cargo build -p biome_cli --release - name: Install Node.js @@ -153,6 +160,8 @@ jobs: uses: moonrepo/setup-rust@e013866c4215f77c925f42f60257dec7dd18836e # v1.2.1 with: cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run doc command run: cargo documentation @@ -168,6 +177,8 @@ jobs: uses: moonrepo/setup-rust@e013866c4215f77c925f42f60257dec7dd18836e # v1.2.1 with: cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run the grammar codegen run: cargo codegen grammar - name: Run the analyzer codegen diff --git a/.github/workflows/release_knope.yml b/.github/workflows/release_knope.yml index 92d4f3a33a18..c22d6db10be1 100644 --- a/.github/workflows/release_knope.yml +++ b/.github/workflows/release_knope.yml @@ -5,8 +5,6 @@ on: types: [ closed ] branches: [ main ] -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: retrieve-version: @@ -84,6 +82,8 @@ jobs: channel: stable cache-target: release cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install arm64 toolchain if: matrix.code-target == 'linux-arm64' || matrix.code-target == 'linux-arm64-musl' @@ -248,6 +248,8 @@ jobs: channel: stable cache-target: release cache-base: main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: katyo/publish-crates@v2 with: registry-token: ${{ secrets.CARGO_TOKEN }}