neil/cache
1
0
Fork 0
mirror of https://github.com/actions/cache.git synced 2026-01-30 07:54:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix workflow permissions and cleanup

Browse Source
This commit is contained in:
Bassem Dghaidi 2026-01-29 02:17:35 -08:00 committed by GitHub
parent b56bb3a202
commit 94056f1871
6 changed files with 45 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/check-dist.yml vendored
View File

@ -11,6 +11,9 @@ on:
- '**.md' - '**.md'
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
call-check-dist: call-check-dist:
name: Check dist/ name: Check dist/

9
.github/workflows/codeql.yml vendored
View File

@ -6,15 +6,14 @@ on:
schedule: schedule:
- cron: '0 19 * * 0' - cron: '0 19 * * 0'
permissions:
contents: read
security-events: write
jobs: jobs:
CodeQL-Build: CodeQL-Build:
# CodeQL runs on ubuntu-latest, windows-latest, and macos-latest # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v5

21
.github/workflows/issue-opened-workflow.yml vendored
View File

@ -1,16 +1,21 @@
name: Assign issue name: Assign issue
on: on:
issues: issues:
types: [opened] types: [opened]
permissions:
issues: write
jobs: jobs:
run-action: run-action:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Get current oncall - name: Get current oncall
id: oncall id: oncall
run: | run: |
echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
- name: add_assignees - name: add_assignees
run: | run: |
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.issue.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}' curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.issue.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'

3
.github/workflows/licensed.yml vendored
View File

@ -9,6 +9,9 @@ on:
- main - main
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
validate-cached-dependency-records: validate-cached-dependency-records:
runs-on: ubuntu-latest runs-on: ubuntu-latest

29
.github/workflows/pr-opened-workflow.yml vendored
View File

@ -1,20 +1,25 @@
name: Add Reviewer PR name: Add Reviewer PR
on: on:
pull_request_target: pull_request_target:
types: [opened] types: [opened]
permissions:
pull-requests: write
jobs: jobs:
run-action: run-action:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Get current oncall - name: Get current oncall
id: oncall id: oncall
run: | run: |
echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
- name: Request Review - name: Request Review
run: | run: |
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/pulls/${{ github.event.pull_request.number}}/requested_reviewers -d '{"reviewers":["${{steps.oncall.outputs.CURRENT}}"]}' curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/pulls/${{ github.event.pull_request.number}}/requested_reviewers -d '{"reviewers":["${{steps.oncall.outputs.CURRENT}}"]}'
- name: Add Assignee - name: Add Assignee
run: | run: |
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.pull_request.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}' curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.pull_request.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'

10
.github/workflows/publish-immutable-actions.yml vendored
View File

@ -4,14 +4,14 @@ on:
release: release:
types: [released] types: [released]
permissions:
contents: read
id-token: write
packages: write
jobs: jobs:
publish: publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps: steps:
- name: Checking out - name: Checking out
uses: actions/checkout@v5 uses: actions/checkout@v5