mirror of
https://github.com/actions/cache.git
synced 2026-01-30 07:54:21 +08:00
Merge pull request #1699 from actions/Link-/fix-workflow-permissions
Fix workflow permissions and cleanup workflow names / formatting
This commit is contained in:
Bassem Dghaidi
GitHub
commit
cb6ea63971
5
.github/workflows/check-dist.yml
vendored
5
.github/workflows/check-dist.yml
vendored
@ -1,4 +1,4 @@
|
||||
name: Check dist/
|
||||
name: Check dist content
|
||||
|
||||
on:
|
||||
push:
|
||||
@ -11,6 +11,9 @@ on:
|
||||
- '**.md'
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
call-check-dist:
|
||||
name: Check dist/
|
||||
|
||||
1
.github/workflows/close-inactive-issues.yml
vendored
1
.github/workflows/close-inactive-issues.yml
vendored
@ -1,4 +1,5 @@
|
||||
name: Close inactive issues
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "30 8 * * *"
|
||||
|
||||
11
.github/workflows/codeql.yml
vendored
11
.github/workflows/codeql.yml
vendored
@ -1,4 +1,4 @@
|
||||
name: "Code scanning - action"
|
||||
name: Code scanning
|
||||
|
||||
on:
|
||||
push:
|
||||
@ -6,15 +6,14 @@ on:
|
||||
schedule:
|
||||
- cron: '0 19 * * 0'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
jobs:
|
||||
CodeQL-Build:
|
||||
# CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
permissions:
|
||||
# required for all workflows
|
||||
security-events: write
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v5
|
||||
|
||||
21
.github/workflows/issue-opened-workflow.yml
vendored
21
.github/workflows/issue-opened-workflow.yml
vendored
@ -1,16 +1,21 @@
|
||||
name: Assign issue
|
||||
|
||||
on:
|
||||
issues:
|
||||
types: [opened]
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
|
||||
jobs:
|
||||
run-action:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Get current oncall
|
||||
id: oncall
|
||||
run: |
|
||||
echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: add_assignees
|
||||
run: |
|
||||
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.issue.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'
|
||||
- name: Get current oncall
|
||||
id: oncall
|
||||
run: |
|
||||
echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: add_assignees
|
||||
run: |
|
||||
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.issue.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'
|
||||
|
||||
7
.github/workflows/licensed.yml
vendored
7
.github/workflows/licensed.yml
vendored
@ -1,6 +1,4 @@
|
||||
name: Licensed
|
||||
permissions:
|
||||
contents: read
|
||||
name: License check
|
||||
|
||||
on:
|
||||
push:
|
||||
@ -11,6 +9,9 @@ on:
|
||||
- main
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
validate-cached-dependency-records:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
31
.github/workflows/pr-opened-workflow.yml
vendored
31
.github/workflows/pr-opened-workflow.yml
vendored
@ -1,20 +1,25 @@
|
||||
name: Add Reviewer PR
|
||||
name: Assign pull request reviewer
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
types: [opened]
|
||||
|
||||
permissions:
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
run-action:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Get current oncall
|
||||
id: oncall
|
||||
run: |
|
||||
echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Request Review
|
||||
run: |
|
||||
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/pulls/${{ github.event.pull_request.number}}/requested_reviewers -d '{"reviewers":["${{steps.oncall.outputs.CURRENT}}"]}'
|
||||
|
||||
- name: Add Assignee
|
||||
run: |
|
||||
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.pull_request.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'
|
||||
- name: Get current oncall
|
||||
id: oncall
|
||||
run: |
|
||||
echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Request Review
|
||||
run: |
|
||||
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/pulls/${{ github.event.pull_request.number}}/requested_reviewers -d '{"reviewers":["${{steps.oncall.outputs.CURRENT}}"]}'
|
||||
|
||||
- name: Add Assignee
|
||||
run: |
|
||||
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.pull_request.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'
|
||||
|
||||
12
.github/workflows/publish-immutable-actions.yml
vendored
12
.github/workflows/publish-immutable-actions.yml
vendored
@ -1,17 +1,17 @@
|
||||
name: 'Publish Immutable Action Version'
|
||||
name: Publish immutable action
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [released]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
packages: write
|
||||
|
||||
jobs:
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
packages: write
|
||||
|
||||
steps:
|
||||
- name: Checking out
|
||||
uses: actions/checkout@v5
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
name: Release new action version
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [released]
|
||||
@ -10,6 +11,7 @@ on:
|
||||
|
||||
env:
|
||||
TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
|
||||
5
.github/workflows/workflow.yml
vendored
5
.github/workflows/workflow.yml
vendored
@ -10,6 +10,9 @@ on:
|
||||
- main
|
||||
- releases/**
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
# Build and unit test
|
||||
build:
|
||||
@ -57,6 +60,7 @@ jobs:
|
||||
path: |
|
||||
test-cache
|
||||
~/test-cache
|
||||
|
||||
test-restore:
|
||||
needs: test-save
|
||||
strategy:
|
||||
@ -104,6 +108,7 @@ jobs:
|
||||
with:
|
||||
key: test-proxy-${{ github.run_id }}
|
||||
path: test-cache
|
||||
|
||||
test-proxy-restore:
|
||||
needs: test-proxy-save
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user