NotificationsYou must be signed in to change notification settings
Fork7.9k
Star21.3k

Commitf902407

authored

Merge pull request#24587 from tacaswell/auto-backport-of-pr-24579-on-v3.6.x

Backport PR#24579: Add explicit permissions to GitHub Actions

2 parents336c6e1 +733d967 commitf902407Copy full SHA for f902407

File tree

9 files changed

+42

-2

lines changed

.circleci
- config.yml
.github/workflows

9 files changed

+42

-2

lines changed

`‎.circleci/config.yml`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -209,4 +209,6 @@ workflows:`
`209`	`209`	`version:2`
`210`	`210`	`build:`
`211`	`211`	`jobs:`
	`212`	+# NOTE: If you rename this job, then you must update the `if` condition
	`213`	+# and `circleci-jobs` option in `.github/workflows/circleci.yml`.
`212`	`214`	`-docs-python38`

`‎.github/workflows/cibuildsdist.yml`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+---`
`1`	`2`	`name:Build CI sdist and wheel`
`2`	`3`
`3`	`4`	`on:`
`@@ -17,6 +18,9 @@ on:`
`17`	`18`	`-reopened`
`18`	`19`	`-labeled`
`19`	`20`
	`21`	`+permissions:`
	`22`	`+contents:read`
	`23`	`+`
`20`	`24`	`jobs:`
`21`	`25`	`build_sdist:`
`22`	`26`	`if:\|`

`‎.github/workflows/cibuildwheel.yml`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+---`
`1`	`2`	`name:Build CI wheels`
`2`	`3`
`3`	`4`	`on:`
`@@ -17,6 +18,9 @@ on:`
`17`	`18`	`-reopened`
`18`	`19`	`-labeled`
`19`	`20`
	`21`	`+permissions:`
	`22`	`+contents:read`
	`23`	`+`
`20`	`24`	`jobs:`
`21`	`25`	`build_wheels:`
`22`	`26`	`if:\|`

`‎.github/workflows/circleci.yml`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,11 @@`
	`1`	`+---`
`1`	`2`	`on:[status]`
	`3`	`+permissions:`
	`4`	`+statuses:write`
`2`	`5`	`jobs:`
`3`	`6`	`circleci_artifacts_redirector_job:`
`4`	`7`	`runs-on:ubuntu-latest`
	`8`	`+if:"${{ github.event.context == 'ci/circleci: docs-python38' }}"`
`5`	`9`	`name:Run CircleCI artifacts redirector`
`6`	`10`	`steps:`
`7`	`11`	`-name:GitHub Action step`
`@@ -11,3 +15,7 @@ jobs:`
`11`	`15`	`artifact-path:0/doc/build/html/index.html`
`12`	`16`	`circleci-jobs:docs-python38`
`13`	`17`	`job-title:View the built docs`
	`18`	`+ -name:Check the URL`
	`19`	`+if:github.event.status != 'pending'`
	`20`	`+run:\|`
	`21`	`+ curl --fail ${{ steps.step1.outputs.url }} \| grep $GITHUB_SHA`

`‎.github/workflows/clean_pr.yml`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,10 @@`
	`1`	`+---`
`1`	`2`	`name:PR cleanliness`
`2`	`3`	`on:[pull_request]`
`3`	`4`
	`5`	`+permissions:`
	`6`	`+contents:read`
	`7`	`+`
`4`	`8`	`jobs:`
`5`	`9`	`pr_clean:`
`6`	`10`	`runs-on:ubuntu-latest`

`‎.github/workflows/nightlies.yml`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,9 @@ on:`
`7`	`7`	`# Run on demand with workflow dispatch`
`8`	`8`	`workflow_dispatch:`
`9`	`9`
	`10`	`+permissions:`
	`11`	`+actions:read`
	`12`	`+`
`10`	`13`	`jobs:`
`11`	`14`	`upload_nightly_wheels:`
`12`	`15`	`name:Upload nightly wheels to Anaconda Cloud`

`‎.github/workflows/pr_welcome.yml`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,11 @@`
	`1`	`+---`
`1`	`2`	`name:PR Greetings`
`2`	`3`
`3`	`4`	`on:[pull_request_target]`
`4`	`5`
	`6`	`+permissions:`
	`7`	`+pull-requests:write`
	`8`	`+`
`5`	`9`	`jobs:`
`6`	`10`	`greeting:`
`7`	`11`	`runs-on:ubuntu-latest`

`‎.github/workflows/reviewdog.yml`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,12 @@`
	`1`	`+---`
`1`	`2`	`name:Linting`
`2`	`3`	`on:[pull_request]`
`3`	`4`
	`5`	`+permissions:`
	`6`	`+contents:read`
	`7`	`+checks:write`
	`8`	`+pull-requests:write`
	`9`	`+`
`4`	`10`	`jobs:`
`5`	`11`	`flake8:`
`6`	`12`	`name:flake8`

`‎.github/workflows/tests.yml`

Lines changed: 7 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+---`
`1`	`2`	`name:Tests`
`2`	`3`	`concurrency:`
`3`	`4`	`group:${{ github.workflow }}-${{ github.event.number }}-${{ github.event.ref }}`
`@@ -25,6 +26,8 @@ env:`
`25`	`26`	`jobs:`
`26`	`27`	`test:`
`27`	`28`	`if:"github.event_name == 'workflow_dispatch' \|\| github.repository == 'matplotlib/matplotlib' && !contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.head_commit.message, '[skip github]')"`
	`29`	`+permissions:`
	`30`	`+contents:read`
`28`	`31`	`name:"Python ${{ matrix.python-version }} on ${{ matrix.os }} ${{ matrix.name-suffix }}"`
`29`	`32`	`runs-on:${{ matrix.os }}`
`30`	`33`
`@@ -281,9 +284,11 @@ jobs:`
`281`	`284`
`282`	`285`	`# Separate dependent job to only upload one issue from the matrix of jobs`
`283`	`286`	`create-issue:`
`284`		`-runs-on:ubuntu-latest`
`285`		`-needs:[test]`
`286`	`287`	`if:${{ failure() && github.event_name == 'schedule' }}`
	`288`	`+needs:[test]`
	`289`	`+permissions:`
	`290`	`+issues:write`
	`291`	`+runs-on:ubuntu-latest`
`287`	`292`	`name:"Create issue on failure"`
`288`	`293`
`289`	`294`	`steps:`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitf902407

File tree

9 files changed

9 files changed

`‎.circleci/config.yml`

`‎.github/workflows/cibuildsdist.yml`

`‎.github/workflows/cibuildwheel.yml`

`‎.github/workflows/circleci.yml`

`‎.github/workflows/clean_pr.yml`

`‎.github/workflows/nightlies.yml`

`‎.github/workflows/pr_welcome.yml`

`‎.github/workflows/reviewdog.yml`

`‎.github/workflows/tests.yml`

0 commit comments