diff options
| author | Charles Harris <charlesr.harris@gmail.com> | 2022-10-02 16:52:23 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-02 16:52:23 -0500 |
| commit | 737016fe18583b69e6c713532a1fb8097e97772a (patch) | |
| tree | 931c46356ce89b825625f04611b1d22b61eea537 | |
| parent | 3b6abec7a453ca4ff90f43b7231b3f8910b9f875 (diff) | |
| parent | 423368e53448685aae8a46217d9a92db5e611b6d (diff) | |
| download | numpy-737016fe18583b69e6c713532a1fb8097e97772a.tar.gz | |
Merge pull request #22367 from mattip/ci-permissions
BUILD: add permissions to github actions
| -rw-r--r-- | .github/workflows/build_test.yml | 3 | ||||
| -rw-r--r-- | .github/workflows/circleci.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/cygwin.yml | 3 | ||||
| -rw-r--r-- | .github/workflows/docker.yml | 3 | ||||
| -rw-r--r-- | .github/workflows/gitpod.yml | 3 | ||||
| -rw-r--r-- | .github/workflows/labeler.yml | 3 | ||||
| -rw-r--r-- | .github/workflows/wheels.yml | 3 |
7 files changed, 22 insertions, 0 deletions
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml index 2b59206c2..598a4945d 100644 --- a/.github/workflows/build_test.yml +++ b/.github/workflows/build_test.yml @@ -22,6 +22,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read # to fetch code (actions/checkout) + jobs: lint: if: "github.repository == 'numpy/numpy' && github.ref != 'refs/heads/main' && !contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.head_commit.message, '[skip github]')" diff --git a/.github/workflows/circleci.yml b/.github/workflows/circleci.yml index 153e46d80..63c666891 100644 --- a/.github/workflows/circleci.yml +++ b/.github/workflows/circleci.yml @@ -1,6 +1,10 @@ # To enable this workflow on a fork, comment out: # # if: github.repository == 'numpy/numpy' + +permissions: + contents: read # to fetch code (actions/checkout) + on: [status] jobs: circleci_artifacts_redirector_job: diff --git a/.github/workflows/cygwin.yml b/.github/workflows/cygwin.yml index a7638174e..ba058f92e 100644 --- a/.github/workflows/cygwin.yml +++ b/.github/workflows/cygwin.yml @@ -14,6 +14,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read # to fetch code (actions/checkout) + jobs: cygwin_build_test: runs-on: windows-latest diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index a220eb9ca..712348d08 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -7,6 +7,9 @@ on: paths: - 'environment.yml' +permissions: + contents: read # to fetch code (actions/checkout) + jobs: build: name: Build base Docker image diff --git a/.github/workflows/gitpod.yml b/.github/workflows/gitpod.yml index 1c33566a5..e1fe6f09c 100644 --- a/.github/workflows/gitpod.yml +++ b/.github/workflows/gitpod.yml @@ -5,6 +5,9 @@ on: branches: - main +permissions: + contents: read # to fetch code (actions/checkout) + jobs: build: name: Build Gitpod Docker image diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 99db967b3..11eb110b2 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -3,6 +3,9 @@ on: pull_request_target: types: [opened, synchronize, reopened, edited] +permissions: + contents: write # to add labels + jobs: pr-labeler: runs-on: ubuntu-latest diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 4169a0b3f..13f2abbd0 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -31,6 +31,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read # to fetch code (actions/checkout) + jobs: get_commit_message: name: Get commit message |