From 1f2ece2096f9b4ffd8a26489e9a13f9aec70829d Mon Sep 17 00:00:00 2001 From: Alex <93376818+sashashura@users.noreply.github.com> Date: Fri, 2 Sep 2022 16:08:39 +0100 Subject: [PATCH 1/5] Update ci.yml Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com> --- src/ci/github-actions/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ci/github-actions/ci.yml b/src/ci/github-actions/ci.yml index 6e4b0b0c2c3f1..42ce0576d49e0 100644 --- a/src/ci/github-actions/ci.yml +++ b/src/ci/github-actions/ci.yml @@ -264,6 +264,9 @@ on: branches: - "**" +permissions: + contents: read + defaults: run: # On Linux, macOS, and Windows, use the system-provided bash as the default From 301cc87abe1c732c0a7e9e9efe266fd0e10130fc Mon Sep 17 00:00:00 2001 From: Alex <93376818+sashashura@users.noreply.github.com> Date: Fri, 2 Sep 2022 17:37:17 +0100 Subject: [PATCH 2/5] Update ci.yml Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com> --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ec1ef041b2068..9ebbc9c1c4bb6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,6 +25,8 @@ name: CI pull_request: branches: - "**" +permissions: + contents: read defaults: run: shell: bash From 30875e9d0b3d06c3d271be0e869728a4baa0ddeb Mon Sep 17 00:00:00 2001 From: sashashura <93376818+sashashura@users.noreply.github.com> Date: Sun, 4 Sep 2022 19:56:28 +0300 Subject: [PATCH 3/5] add actions: write --- .github/workflows/ci.yml | 6 ++++++ src/ci/github-actions/ci.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9ebbc9c1c4bb6..91b139664c8bb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,6 +32,8 @@ defaults: shell: bash jobs: pr: + permissions: + actions: write # for rust-lang/simpleinfra/github-actions/cancel-outdated-builds name: PR env: CI_JOB_NAME: "${{ matrix.name }}" @@ -144,6 +146,8 @@ jobs: AWS_SECRET_ACCESS_KEY: "${{ secrets[format('AWS_SECRET_ACCESS_KEY_{0}', env.ARTIFACTS_AWS_ACCESS_KEY_ID)] }}" if: "success() && !env.SKIP_JOB && (github.event_name == 'push' || env.DEPLOY == '1' || env.DEPLOY_ALT == '1')" auto: + permissions: + actions: write # for rust-lang/simpleinfra/github-actions/cancel-outdated-builds name: auto env: CI_JOB_NAME: "${{ matrix.name }}" @@ -549,6 +553,8 @@ jobs: AWS_SECRET_ACCESS_KEY: "${{ secrets[format('AWS_SECRET_ACCESS_KEY_{0}', env.ARTIFACTS_AWS_ACCESS_KEY_ID)] }}" if: "success() && !env.SKIP_JOB && (github.event_name == 'push' || env.DEPLOY == '1' || env.DEPLOY_ALT == '1')" try: + permissions: + actions: write # for rust-lang/simpleinfra/github-actions/cancel-outdated-builds name: try env: CI_JOB_NAME: "${{ matrix.name }}" diff --git a/src/ci/github-actions/ci.yml b/src/ci/github-actions/ci.yml index 42ce0576d49e0..0f748ed0c62dc 100644 --- a/src/ci/github-actions/ci.yml +++ b/src/ci/github-actions/ci.yml @@ -276,6 +276,8 @@ defaults: jobs: pr: + permissions: + actions: write <<: *base-ci-job name: PR env: @@ -296,6 +298,8 @@ jobs: <<: *job-linux-xl auto: + permissions: + actions: write <<: *base-ci-job name: auto env: @@ -722,6 +726,8 @@ jobs: <<: *job-windows-xl try: + permissions: + actions: write # for rust-lang/simpleinfra/github-actions/cancel-outdated-builds <<: *base-ci-job name: try env: From 294d0e9e3166e9119f43bde3328c8106016e3212 Mon Sep 17 00:00:00 2001 From: sashashura <93376818+sashashura@users.noreply.github.com> Date: Sun, 4 Sep 2022 20:08:45 +0300 Subject: [PATCH 4/5] Regenerate --- src/ci/github-actions/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ci/github-actions/ci.yml b/src/ci/github-actions/ci.yml index 0f748ed0c62dc..43aa9be11a489 100644 --- a/src/ci/github-actions/ci.yml +++ b/src/ci/github-actions/ci.yml @@ -277,7 +277,7 @@ defaults: jobs: pr: permissions: - actions: write + actions: write # for rust-lang/simpleinfra/github-actions/cancel-outdated-builds <<: *base-ci-job name: PR env: @@ -299,7 +299,7 @@ jobs: auto: permissions: - actions: write + actions: write # for rust-lang/simpleinfra/github-actions/cancel-outdated-builds <<: *base-ci-job name: auto env: From bd5aad3ee28fbc1f7cb4bd2c52763dbadaeae34a Mon Sep 17 00:00:00 2001 From: sashashura <93376818+sashashura@users.noreply.github.com> Date: Sun, 4 Sep 2022 20:39:33 +0300 Subject: [PATCH 5/5] Regenerate --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 91b139664c8bb..6693182e0c578 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,7 +33,7 @@ defaults: jobs: pr: permissions: - actions: write # for rust-lang/simpleinfra/github-actions/cancel-outdated-builds + actions: write name: PR env: CI_JOB_NAME: "${{ matrix.name }}" @@ -147,7 +147,7 @@ jobs: if: "success() && !env.SKIP_JOB && (github.event_name == 'push' || env.DEPLOY == '1' || env.DEPLOY_ALT == '1')" auto: permissions: - actions: write # for rust-lang/simpleinfra/github-actions/cancel-outdated-builds + actions: write name: auto env: CI_JOB_NAME: "${{ matrix.name }}" @@ -554,7 +554,7 @@ jobs: if: "success() && !env.SKIP_JOB && (github.event_name == 'push' || env.DEPLOY == '1' || env.DEPLOY_ALT == '1')" try: permissions: - actions: write # for rust-lang/simpleinfra/github-actions/cancel-outdated-builds + actions: write name: try env: CI_JOB_NAME: "${{ matrix.name }}"