mirror of
https://github.com/pybind/pybind11.git
synced 2024-11-24 06:05:10 +00:00
ci: set minimal permissions to github workflows (#4665)
* set ci.yml minimal permissions Signed-off-by: Joyce <joycebrum@google.com> * set configure.yml minimal permissions Signed-off-by: Joyce <joycebrum@google.com> * set format.yml minimal permissions Signed-off-by: Joyce <joycebrum@google.com> * set pip.yml minimal permissions Signed-off-by: Joyce <joycebrum@google.com> * set upstream.yml minimal permissions Signed-off-by: Joyce <joycebrum@google.com> * set labeler.yml minimal permissions Signed-off-by: Joyce <joycebrum@google.com> * Update ci.yml to read all Signed-off-by: Joyce <joycebrum@google.com> * test labeler.yml Signed-off-by: Joyce <joycebrum@google.com> * restore the if at labeler.yml Signed-off-by: Joyce <joycebrum@google.com> --------- Signed-off-by: Joyce <joycebrum@google.com>
This commit is contained in:
parent
cca4c51ca4
commit
d72ffb448c
2
.github/workflows/ci.yml
vendored
2
.github/workflows/ci.yml
vendored
@ -9,6 +9,8 @@ on:
|
|||||||
- stable
|
- stable
|
||||||
- v*
|
- v*
|
||||||
|
|
||||||
|
permissions: read-all
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
group: test-${{ github.ref }}
|
group: test-${{ github.ref }}
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
3
.github/workflows/configure.yml
vendored
3
.github/workflows/configure.yml
vendored
@ -9,6 +9,9 @@ on:
|
|||||||
- stable
|
- stable
|
||||||
- v*
|
- v*
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
env:
|
env:
|
||||||
# For cmake:
|
# For cmake:
|
||||||
VERBOSE: 1
|
VERBOSE: 1
|
||||||
|
3
.github/workflows/format.yml
vendored
3
.github/workflows/format.yml
vendored
@ -12,6 +12,9 @@ on:
|
|||||||
- stable
|
- stable
|
||||||
- "v*"
|
- "v*"
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
env:
|
env:
|
||||||
FORCE_COLOR: 3
|
FORCE_COLOR: 3
|
||||||
# For cmake:
|
# For cmake:
|
||||||
|
5
.github/workflows/labeler.yml
vendored
5
.github/workflows/labeler.yml
vendored
@ -3,10 +3,15 @@ on:
|
|||||||
pull_request_target:
|
pull_request_target:
|
||||||
types: [closed]
|
types: [closed]
|
||||||
|
|
||||||
|
permissions: {}
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
label:
|
label:
|
||||||
name: Labeler
|
name: Labeler
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
pull-requests: write
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
- uses: actions/labeler@main
|
- uses: actions/labeler@main
|
||||||
|
3
.github/workflows/pip.yml
vendored
3
.github/workflows/pip.yml
vendored
@ -12,6 +12,9 @@ on:
|
|||||||
types:
|
types:
|
||||||
- published
|
- published
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
env:
|
env:
|
||||||
PIP_ONLY_BINARY: numpy
|
PIP_ONLY_BINARY: numpy
|
||||||
|
|
||||||
|
3
.github/workflows/upstream.yml
vendored
3
.github/workflows/upstream.yml
vendored
@ -5,6 +5,9 @@ on:
|
|||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
pull_request:
|
pull_request:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
group: upstream-${{ github.ref }}
|
group: upstream-${{ github.ref }}
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
Loading…
Reference in New Issue
Block a user