Merge pull request #1699 from actions/Link-/fix-workflow-permissions

Fix workflow permissions and cleanup workflow names / formatting
2026-01-30 07:54:21 +08:00 · 2026-01-29 11:31:19 +01:00 · 2026-01-29 11:31:19 +01:00 · cb6ea63971
commit cb6ea63971
parent a838313d22 49bc452f55
9 changed files with 58 additions and 37 deletions
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@ -1,4 +1,4 @@
-name: Check dist/
+name: Check dist content
 on:
  push:
@ -11,6 +11,9 @@ on:
      - '**.md'
  workflow_dispatch:
 permissions:
  contents: read
 jobs:
  call-check-dist:
    name: Check dist/
--- a/.github/workflows/close-inactive-issues.yml
+++ b/.github/workflows/close-inactive-issues.yml
@ -1,4 +1,5 @@
 name: Close inactive issues
 on:
  schedule:
    - cron: "30 8 * * *"
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -1,4 +1,4 @@
-name: "Code scanning - action"
+name: Code scanning
 on:
  push:
@ -6,15 +6,14 @@ on:
  schedule:
    - cron: '0 19 * * 0'
 permissions:
  contents: read
  security-events: write
 jobs:
  CodeQL-Build:
    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
    runs-on: ubuntu-latest
    permissions:
      # required for all workflows
      security-events: write
    steps:
    - name: Checkout repository
      uses: actions/checkout@v5
--- a/.github/workflows/issue-opened-workflow.yml
+++ b/.github/workflows/issue-opened-workflow.yml
@ -1,7 +1,12 @@
 name: Assign issue
 on:
  issues:
    types: [opened]
 permissions:
  issues: write
 jobs:
  run-action:
    runs-on: ubuntu-latest
--- a/.github/workflows/licensed.yml
+++ b/.github/workflows/licensed.yml
@ -1,6 +1,4 @@
-name: Licensed
+name: License check
 permissions:
  contents: read
 on:
  push:
@ -11,6 +9,9 @@ on:
      - main
  workflow_dispatch:
 permissions:
  contents: read
 jobs:
  validate-cached-dependency-records:
    runs-on: ubuntu-latest
--- a/.github/workflows/pr-opened-workflow.yml
+++ b/.github/workflows/pr-opened-workflow.yml
@ -1,7 +1,12 @@
-name: Add Reviewer PR
+name: Assign pull request reviewer
 on:
  pull_request_target:
    types: [opened]
 permissions:
  pull-requests: write
 jobs:
  run-action:
    runs-on: ubuntu-latest
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@ -1,17 +1,17 @@
-name: 'Publish Immutable Action Version'
+name: Publish immutable action
 on:
  release:
    types: [released]
 jobs:
  publish:
    runs-on: ubuntu-latest
 permissions:
  contents: read
  id-token: write
  packages: write
 jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checking out
        uses: actions/checkout@v5
--- a/.github/workflows/release-new-action-version.yml
+++ b/.github/workflows/release-new-action-version.yml
@ -1,4 +1,5 @@
 name: Release new action version
 on:
  release:
    types: [released]
@ -10,6 +11,7 @@ on:
 env:
  TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
 permissions:
  contents: write
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@ -10,6 +10,9 @@ on:
      - main
      - releases/**
 permissions:
  contents: read
 jobs:
  # Build and unit test
  build:
@ -57,6 +60,7 @@ jobs:
        path: |
          test-cache
          ~/test-cache
  test-restore:
    needs: test-save
    strategy:
@ -104,6 +108,7 @@ jobs:
      with:
        key: test-proxy-${{ github.run_id }}
        path: test-cache
  test-proxy-restore:
    needs: test-proxy-save
    runs-on: ubuntu-latest