From fb047df6ad8b88a24067e41b95677dcbe53abc11 Mon Sep 17 00:00:00 2001 From: Vasilii Ilichev Date: Tue, 23 Jan 2024 23:01:37 +0700 Subject: [PATCH] fixed permissions --- .github/workflows/branch-deploy.yml | 6 ++---- .github/workflows/branch-remove.yml | 6 ++---- .github/workflows/build-public-image.yml | 6 ++---- .github/workflows/codeql-analysis.yml | 8 ++------ .github/workflows/cve.yaml | 7 ++----- .github/workflows/documentation.yaml | 7 ++----- .github/workflows/e2e-automation.yml | 7 ++----- .github/workflows/e2e-checks.yaml | 2 -- .github/workflows/e2e-manual.yml | 7 ++----- .github/workflows/e2e-weekly.yml | 7 ++----- .github/workflows/frontend.yaml | 6 ++---- .github/workflows/master.yaml | 7 ++----- .github/workflows/release-serde-api.yaml | 7 ++----- .github/workflows/release.yaml | 7 ++----- .github/workflows/separate_env_public_create.yml | 7 ++----- .github/workflows/workflow_linter.yaml | 7 ++----- 16 files changed, 30 insertions(+), 74 deletions(-) diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml index 5763106b9..c2e8b8ef9 100644 --- a/.github/workflows/branch-deploy.yml +++ b/.github/workflows/branch-deploy.yml @@ -4,14 +4,12 @@ on: pull_request: types: ['labeled'] -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read jobs: build: if: ${{ github.event.label.name == 'status/feature_testing' || github.event.label.name == 'status/feature_testing_public' }} runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/branch-remove.yml b/.github/workflows/branch-remove.yml index 52c998657..00b329167 100644 --- a/.github/workflows/branch-remove.yml +++ b/.github/workflows/branch-remove.yml 
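Review bot: With the workflow-level `permissions:` block removed, only the job that received the new job-level block (`build` here) is pinned to `contents: read`; any other job in the file falls back to the repository's default GITHUB_TOKEN permissions, which may be read/write. The file continues past this hunk, so I cannot see whether more jobs exist, but a top-level default such as `permissions: {}` with per-job grants would keep the restriction in force for jobs added later as well. The same applies to every workflow in this patch that was changed the same way. The carried-over comment `# TODO remove when public` also suggests deleting the block later, although a least-privilege block matters more once fork pull requests can trigger the workflow; I would reword it to something like `# least privilege: read-only GITHUB_TOKEN for this job`.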
@@ -3,13 +3,11 @@ on: workflow_dispatch: pull_request: types: ['unlabeled', 'closed'] -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read jobs: remove: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read if: ${{ (github.event.label.name == 'status/feature_testing' || github.event.label.name == 'status/feature_testing_public') || (github.event.action == 'closed' && (contains(github.event.pull_request.labels.*.name, 'status/feature_testing') || contains(github.event.pull_request.labels.*.name, 'status/feature_testing_public'))) }} steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/build-public-image.yml b/.github/workflows/build-public-image.yml index d92fcb218..9cfa873b6 100644 --- a/.github/workflows/build-public-image.yml +++ b/.github/workflows/build-public-image.yml @@ -3,14 +3,12 @@ on: workflow_dispatch: pull_request: types: ['labeled'] -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read jobs: build: if: ${{ github.event.label.name == 'status/image_testing' }} runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index bef80c4bd..21c8ee72a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,16 +25,12 @@ on: schedule: - cron: '39 15 * * 6' -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read - jobs: analyze: name: Analyze runs-on: ubuntu-latest - + permissions: # TODO remove when public + contents: read strategy: fail-fast: false matrix: diff --git a/.github/workflows/cve.yaml b/.github/workflows/cve.yaml index 74ae6ae34..e4433c35e 100644 --- a/.github/workflows/cve.yaml +++ b/.github/workflows/cve.yaml 
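Review bot: The `remove` job now runs with `contents: read` only, so any step that comments on or relabels the pull request through GITHUB_TOKEN would start failing with a 403 now that `pull-requests: write` is gone. The steps lie outside this hunk, so please confirm that none of them writes to the PR. If one does, grant it on this job alone by adding `pull-requests: write` under the new block rather than restoring the workflow-wide grant. The same check is needed for the `build` jobs in branch-deploy.yml and build-public-image.yml, which also react to PR labels.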
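Review bot: In codeql-analysis.yml the `analyze` job's new block grants only `contents: read`, which leaves `security-events` at `none`, and uploading CodeQL results to code scanning needs `security-events: write`. The steps are outside this hunk, so this assumes the job uploads its results with the CodeQL action. If it does, add `security-events: write` to the block, plus `actions: read` while the repository is private. The removed workflow-level block did not grant it either, so this is not a regression, but a commit that fixes permissions is the natural place to settle it.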
@@ -4,15 +4,12 @@ on: schedule: # * is a special character in YAML so you have to quote this string - cron: '0 8 15 * *' - -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml index d9d75c77e..1271b8287 100644 --- a/.github/workflows/documentation.yaml +++ b/.github/workflows/documentation.yaml @@ -9,14 +9,11 @@ on: paths: - '**.md' -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read - jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/e2e-automation.yml b/.github/workflows/e2e-automation.yml index 5780775e1..1ccc2e340 100644 --- a/.github/workflows/e2e-automation.yml +++ b/.github/workflows/e2e-automation.yml @@ -15,15 +15,12 @@ on: description: 'Set Qase token to enable integration' required: false type: string - -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/e2e-checks.yaml b/.github/workflows/e2e-checks.yaml index f7aeae419..ff336ac28 100644 --- a/.github/workflows/e2e-checks.yaml +++ b/.github/workflows/e2e-checks.yaml @@ -10,8 +10,6 @@ on: - "pom.xml" permissions: # TODO remove when public statuses: write - checks: write - pull-requests: write contents: read jobs: build-and-test: diff --git a/.github/workflows/e2e-manual.yml b/.github/workflows/e2e-manual.yml index c204a70d5..0e80ccf33 100644 --- a/.github/workflows/e2e-manual.yml +++ b/.github/workflows/e2e-manual.yml 
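Review bot: The context lines of the e2e-automation.yml hunk show an input described as 'Set Qase token to enable integration' with `type: string`, and if it carries the real API token the value is exposed: dispatch inputs are stored in the run's event payload and are not masked in logs the way secrets are. The input's definition starts above this hunk, so its name and how it is consumed are not visible here. I would keep the token in a repository or environment secret, read as `${{ secrets.<QASE_TOKEN_SECRET_NAME> }}` (placeholder name), and turn the input into a boolean switch that only enables the integration. e2e-manual.yml has the same input with `required: true`.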
@@ -14,15 +14,12 @@ on: description: 'Set Qase token to enable integration' required: true type: string - -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/e2e-weekly.yml b/.github/workflows/e2e-weekly.yml index 7ed07c57a..671fcac67 100644 --- a/.github/workflows/e2e-weekly.yml +++ b/.github/workflows/e2e-weekly.yml @@ -3,14 +3,11 @@ on: schedule: - cron: '0 1 * * 1' -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read - jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml index cae3ca555..b8d430d36 100644 --- a/.github/workflows/frontend.yaml +++ b/.github/workflows/frontend.yaml @@ -8,10 +8,6 @@ on: paths: - "kafka-ui-contract/**" - "kafka-ui-react-app/**" -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read jobs: build-and-test: @@ -19,6 +15,8 @@ jobs: CI: true NODE_ENV: dev runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml index 3785dca4b..5721bbc63 100644 --- a/.github/workflows/master.yaml +++ b/.github/workflows/master.yaml @@ -3,15 +3,12 @@ on: workflow_dispatch: push: branches: [ "main" ] - -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read jobs: build: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: 
diff --git a/.github/workflows/release-serde-api.yaml b/.github/workflows/release-serde-api.yaml index 35b549bdc..9d0012778 100644 --- a/.github/workflows/release-serde-api.yaml +++ b/.github/workflows/release-serde-api.yaml @@ -1,14 +1,11 @@ name: "Infra: Release: Serde API" on: workflow_dispatch -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read - jobs: release-serde-api: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d63bb88db..5a6a0d327 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -3,14 +3,11 @@ on: release: types: [published] -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read - jobs: release: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read outputs: version: ${{steps.build.outputs.version}} steps: diff --git a/.github/workflows/separate_env_public_create.yml b/.github/workflows/separate_env_public_create.yml index c3d0715d2..022b66792 100644 --- a/.github/workflows/separate_env_public_create.yml +++ b/.github/workflows/separate_env_public_create.yml @@ -7,14 +7,11 @@ on: required: true default: 'demo' -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read - jobs: build: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/workflow_linter.yaml b/.github/workflows/workflow_linter.yaml index f9dfe7e87..c0a05c668 100644 --- a/.github/workflows/workflow_linter.yaml +++ b/.github/workflows/workflow_linter.yaml 
@@ -9,14 +9,11 @@ on: paths: - ".github/workflows/**" -permissions: # TODO remove when public - checks: write - pull-requests: write - contents: read - jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: