Set Token Permissions on GitHub workflows (#1858)
joycebrum authored Sep 18, 2023
1 parent 2b8f277 commit 35e8ac9
Showing 6 changed files with 37 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/api.yml
Expand Up @@ -7,6 +7,9 @@ on:
schedule:
- cron: "0 12 * * *"

permissions:
contents: read

jobs:

macos:
5 changes: 5 additions & 0 deletions .github/workflows/benchmarks.yml
Expand Up @@ -5,6 +5,9 @@ on:
branches:
- master

permissions:
contents: read

jobs:
macos:
if: github.repository == 'tensorflow/io' # Don't do this in forks
Expand Down Expand Up @@ -47,6 +50,8 @@ jobs:
if: github.repository == 'tensorflow/io' # Don't do this in forks
name: Linux ${{ matrix.python }} + ${{ matrix.version }}
runs-on: ubuntu-20.04
permissions:
contents: write # to allow sending a commit comment for the benchmark action
strategy:
fail-fast: false
matrix:
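Review bot: `contents: write` on the Linux job also lets every step in that job push commits and tags, which is wider than the commit comment named in the trailing comment; as far as I know the token has no narrower scope for commit comments, so the grant itself is probably unavoidable. The job's steps are outside the hunk, so it is worth confirming that the third-party actions running there are pinned to a full commit SHA and that the benchmark step is the only one that needs the write token. The macos job in the first hunk stays on the read-only default; if it runs the same benchmark reporting step, that step will start failing.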
3 changes: 3 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -8,6 +8,9 @@ on:
branches:
- master

permissions:
contents: read

env:
REPO_NAME: ${{ github.repository }}
EVENT_NAME: ${{ github.event_name }}
6 changes: 6 additions & 0 deletions .github/workflows/release.note.yml
Expand Up @@ -5,8 +5,14 @@ on:
branches:
- master

permissions:
contents: read

jobs:
release-note:
permissions:
contents: write # for peter-evans/create-pull-request to create branch
pull-requests: write # for peter-evans/create-pull-request to create a PR
name: README.md
runs-on: ubuntu-latest
steps:
5 changes: 5 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -10,8 +10,13 @@ on:
description: "Commit (e.g., 92b44e1)"
required: true

permissions:
contents: read

jobs:
release:
permissions:
contents: write
name: Release
runs-on: ubuntu-latest
steps:
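Review bot: The `contents: write` grant on the `release` job is the only write scope in this commit without a rationale comment; the other workflows annotate each write scope with the action that needs it. Suggest something like `contents: write # to create the release and tag (confirm against the job's steps)`, so a later reader can tell when the grant can be dropped. The steps are outside the hunk; because this workflow takes a free-form `commit` input and the job holds a write token, it is also worth checking that the input reaches shell steps through an environment variable rather than direct `${{ }}` expansion.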
15 changes: 15 additions & 0 deletions .github/workflows/reviewdog.yml
Expand Up @@ -5,8 +5,14 @@ on:
branches:
- master

permissions:
contents: read

jobs:
bazel:
permissions:
checks: write # for reviewdog/action-suggester to report issues using checks
contents: read # for actions/checkout to fetch code
name: Bazel Buildifier
runs-on: ubuntu-20.04
steps:
Expand All @@ -16,6 +22,9 @@ jobs:
bazel run -s --verbose_failures --experimental_repo_remote_exec //tools/lint:lint -- bazel
- uses: reviewdog/action-suggester@v1
black:
permissions:
checks: write # for reviewdog/action-suggester to report issues using checks
contents: read # for actions/checkout to fetch code
name: Python Black
runs-on: ubuntu-20.04
steps:
Expand All @@ -25,6 +34,9 @@ jobs:
bazel run -s --verbose_failures --experimental_repo_remote_exec //tools/lint:lint -- black
- uses: reviewdog/action-suggester@v1
clang:
permissions:
checks: write # for reviewdog/action-suggester to report issues using checks
contents: read # for actions/checkout to fetch code
name: Clang Format
runs-on: ubuntu-20.04
steps:
Expand All @@ -34,6 +46,9 @@ jobs:
bazel run -s --verbose_failures --experimental_repo_remote_exec //tools/lint:lint -- clang
- uses: reviewdog/action-suggester@v1
pyupgrade:
permissions:
checks: write # for reviewdog/action-suggester to report issues using checks
contents: read # for actions/checkout to fetch code
name: Python Pyupgrade
runs-on: ubuntu-20.04
steps:
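Review bot: The four job-level blocks grant `checks: write`, but reviewdog/action-suggester, as far as I know, posts its suggestions as pull-request review comments, which needs `pull-requests: write`; with only the scopes listed here the suggestions may degrade to log output instead of appearing on the PR. If that is confirmed against the action's documentation, add `pull-requests: write # for reviewdog/action-suggester to post review suggestions` to the bazel, black, clang and pyupgrade jobs, and drop `checks: write` if nothing else in the job uses it. Keeping `contents: read` in each job block is correct, because a job-level `permissions` key replaces the workflow-level one rather than merging with it.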
