From 4bcf401b7f15bf2df821f1cb021c01fcd426cf31 Mon Sep 17 00:00:00 2001 From: Joyce Brum Date: Tue, 6 Dec 2022 18:03:50 +0000 Subject: [PATCH] Squashed commit of the following: commit 9a3bf2c0ed6e63c718789679745fdaa24a2c2ba9 Author: Joyce Brum Date: Tue Dec 6 17:59:42 2022 +0000 fix: write permissions Signed-off-by: Joyce Brum commit 7716f3c00cd7cfe4debbbf97662b1cee7277ba00 Author: Joyce Brum Date: Tue Dec 6 17:04:19 2022 +0000 fix: typo on coverage workflow Signed-off-by: Joyce Brum commit cb5165401392f1a2de3683ec33ffe97dc0f1fe9f Author: Joyce Brum Date: Tue Dec 6 16:57:50 2022 +0000 feat: test coverage workflow with write permissions Signed-off-by: Joyce Brum commit 235627f257d52139c9c73c2ca15c9ef7250cea2f Author: Joyce Brum Date: Tue Dec 6 16:44:21 2022 +0000 fix: measure test read all and workflow dispatch Signed-off-by: Joyce Brum commit 81b1581f19945ba5ddd7fa74661910a457af7515 Author: Joyce Brum Date: Tue Dec 6 14:50:12 2022 +0000 feat: change from content read to read all Signed-off-by: Joyce Brum commit 95bd39f615924a9c0186e6d3e1ad6c205c7db428 Author: Joyce Brum Date: Tue Dec 6 14:45:45 2022 +0000 fix: add permission to write on e2e.yaml Signed-off-by: Joyce Brum commit f86661da253af3908cde9f5f71311fbca6b26c81 Author: Joyce Brum Date: Mon Dec 5 17:04:44 2022 +0000 feat: use read-only by default Signed-off-by: Joyce Brum Signed-off-by: Joyce Brum --- .github/workflows/build.yaml | 2 ++ .github/workflows/codeql-analysis.yml | 2 ++ .github/workflows/contrib.yaml | 1 + .github/workflows/coverage.yaml | 1 + .github/workflows/e2e.yaml | 3 +++ .github/workflows/functional.yaml | 1 + .github/workflows/fuzzing.yaml | 1 + .github/workflows/govuln.yaml | 1 + .github/workflows/grpcproxy.yaml | 1 + .github/workflows/linearizability.yaml | 1 + .github/workflows/measure-test-flakiness.yaml | 3 +++ .github/workflows/release.yaml | 3 +++ .github/workflows/static-analysis.yaml | 1 + .github/workflows/tests.yaml | 1 + 14 files changed, 22 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 3d8d359a1..c3aa840db 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,5 +1,7 @@ name: Build on: [push, pull_request] +permissions: read-all + jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 52687f6ce..e4e082f38 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -20,6 +20,8 @@ on: schedule: - cron: '20 14 * * 5' +permissions: read-all + jobs: analyze: name: Analyze diff --git a/.github/workflows/contrib.yaml b/.github/workflows/contrib.yaml index 27f29dc7b..a1429c9fd 100644 --- a/.github/workflows/contrib.yaml +++ b/.github/workflows/contrib.yaml @@ -1,5 +1,6 @@ name: Test contrib/mixin on: [push, pull_request] +permissions: read-all jobs: test: runs-on: ubuntu-latest diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml index ddd0232ec..c5225f7f9 100644 --- a/.github/workflows/coverage.yaml +++ b/.github/workflows/coverage.yaml @@ -1,5 +1,6 @@ name: Coverage on: [push] +permissions: read-all jobs: coverage: runs-on: ubuntu-latest diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 01286cead..001199ca8 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -1,8 +1,11 @@ name: E2E on: [push, pull_request] +permissions: read-all jobs: test: runs-on: ubuntu-latest + permissions: + contents: write strategy: fail-fast: true matrix: diff --git a/.github/workflows/functional.yaml b/.github/workflows/functional.yaml index 155e3e4fa..d39d9a024 100644 --- a/.github/workflows/functional.yaml +++ b/.github/workflows/functional.yaml @@ -1,5 +1,6 @@ name: functional-tests on: [push, pull_request] +permissions: read-all jobs: test: runs-on: ubuntu-latest diff --git a/.github/workflows/fuzzing.yaml b/.github/workflows/fuzzing.yaml index 5e93c0c8d..75bf98a44 100644 --- a/.github/workflows/fuzzing.yaml +++ b/.github/workflows/fuzzing.yaml @@ -1,5 +1,6 @@ name: Fuzzing v3rpc on: [push, pull_request] +permissions: read-all jobs: fuzzing: runs-on: ubuntu-latest diff --git a/.github/workflows/govuln.yaml b/.github/workflows/govuln.yaml index 67bf37044..8794daf07 100644 --- a/.github/workflows/govuln.yaml +++ b/.github/workflows/govuln.yaml @@ -1,5 +1,6 @@ name: Go Vulnerability Checker on: [push, pull_request] +permissions: read-all jobs: test: runs-on: ubuntu-latest diff --git a/.github/workflows/grpcproxy.yaml b/.github/workflows/grpcproxy.yaml index 42350423b..d5fefb4fc 100644 --- a/.github/workflows/grpcproxy.yaml +++ b/.github/workflows/grpcproxy.yaml @@ -1,5 +1,6 @@ name: grpcProxy-tests on: [push, pull_request] +permissions: read-all jobs: test: runs-on: ubuntu-latest diff --git a/.github/workflows/linearizability.yaml b/.github/workflows/linearizability.yaml index 7303a3509..3d6b53e7d 100644 --- a/.github/workflows/linearizability.yaml +++ b/.github/workflows/linearizability.yaml @@ -1,5 +1,6 @@ name: Linearizability on: [push, pull_request] +permissions: read-all jobs: test: runs-on: ubuntu-latest diff --git a/.github/workflows/measure-test-flakiness.yaml b/.github/workflows/measure-test-flakiness.yaml index 68a555a0c..bf793c270 100644 --- a/.github/workflows/measure-test-flakiness.yaml +++ b/.github/workflows/measure-test-flakiness.yaml @@ -1,9 +1,12 @@ name: Measure Test Flakiness on: + workflow_dispatch: schedule: - cron: "0 0 * * 0" +permissions: read-all + jobs: measure-test-flakiness: name: Measure Test Flakiness diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b207e1a8c..a6546920c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,7 +1,10 @@ name: Release on: [push, pull_request] +permissions: read-all jobs: main: + permissions: + contents: write runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/static-analysis.yaml b/.github/workflows/static-analysis.yaml index fb7dd44ae..8905f46ce 100644 --- a/.github/workflows/static-analysis.yaml +++ b/.github/workflows/static-analysis.yaml @@ -1,5 +1,6 @@ name: Static Analysis on: [push, pull_request] +permissions: read-all jobs: run: runs-on: ubuntu-latest diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 4a3f977df..11ee3240c 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -1,5 +1,6 @@ name: Tests on: [push, pull_request] +permissions: read-all jobs: test: runs-on: ubuntu-latest