ci: fix permissions for private reistries
suzuki-shunsuke committed Oct 28, 2024
1 parent 8802a25 commit c28e6f3
Showing 12 changed files with 43 additions and 48 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/actionlint.yaml
Expand Up @@ -11,11 +11,12 @@ on:
branches: [main]
paths:
- .github/**
permissions: {}
jobs:
default:
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
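Review bot: The workflow-level `permissions: {}` above `jobs:` looks like the one line this section deletes, which would leave `actionlint.yaml` with no deny-by-default for its token. The section counts 2 additions and 1 deletion, the two added lines are evidently the job-level `permissions:` / `contents: read`, and every other line shown is needed for the workflow to run, but the +/- markers are lost on this page, so treat that as inferred. Job-level permissions replace the workflow-level ones for that job, so the two can coexist: keep `permissions: {}` at the top and add the job block below it. Then a job added later without its own block still gets no scopes. `debug-with-action-tmate.yaml` shows the same pattern.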
3 changes: 2 additions & 1 deletion .github/workflows/debug-with-action-tmate.yaml
Expand Up @@ -10,11 +10,12 @@ on:
required: false
ref:
required: false
permissions: {}
jobs:
action-tmate:
runs-on: ${{inputs.runs-on}}
timeout-minutes: 360
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
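Review bot: The checkout in `action-tmate` should not leave the job token on disk, because this job (judging by its name) hands out an interactive session for up to `timeout-minutes: 360` and the token now carries `contents: read`. Put `persist-credentials: false` in the checkout's `with:` block; that block continues outside the hunk and may already contain it. If the session step is `mxschmitt/action-tmate` (not visible here), also confirm it sets `limit-access-to-actor: true`. The checkout steps in `actionlint.yaml` and the `wc-*.yaml` workflows deserve the same setting unless a later step needs authenticated git.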
35 changes: 21 additions & 14 deletions .github/workflows/test.yaml
Expand Up @@ -19,7 +19,9 @@ jobs:
json-schema: ${{steps.changes.outputs.json-schema}}
test-docker: ${{steps.changes.outputs.test-docker}}
runs-on: ubuntu-latest
permissions: {}
permissions:
contents: read
pull-requests: read
timeout-minutes: 15
steps:
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
Expand Down Expand Up @@ -53,7 +55,6 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
needs:
- enable-automerge-renovate
- renovate-config-validator
- check-files
- generate-registry
Expand All @@ -67,14 +68,6 @@ jobs:
steps:
- run: exit 1

enable-automerge-renovate:
uses: ./.github/workflows/wc-enable-auto-merge.yaml
if: |
github.event.pull_request.user.login == 'renovate[bot]' && contains(github.event.pull_request.body, ' **Automerge**: Enabled.')
secrets:
gh_app_id: ${{secrets.APP_ID}}
gh_app_private_key: ${{secrets.APP_PRIVATE_KEY}}

renovate-config-validator:
uses: ./.github/workflows/wc-renovate-config-validator.yaml
needs: path-filter
Expand All @@ -86,35 +79,49 @@ jobs:
uses: ./.github/workflows/wc-check-files.yaml
needs: path-filter
if: ${{needs.path-filter.outputs.check-files == 'true'}}
permissions: {}
permissions:
contents: read

generate-registry:
uses: ./.github/workflows/wc-generate-registry.yaml
needs: path-filter
if: ${{needs.path-filter.outputs.generate-registry == 'true'}}
permissions: {}
permissions:
contents: read

json-schema:
uses: ./.github/workflows/wc-json-schema.yaml
needs: path-filter
if: ${{needs.path-filter.outputs.json-schema == 'true'}}
permissions: {}
permissions:
contents: read

prettier:
uses: ./.github/workflows/wc-prettier.yaml
permissions: {}
permissions:
contents: read

test-docker:
uses: ./.github/workflows/wc-test-docker.yaml
needs: path-filter
if: ${{needs.path-filter.outputs.test-docker == 'true'}}
permissions:
contents: read

ci-info:
uses: ./.github/workflows/wc-ci-info.yaml
permissions:
contents: read
pull-requests: read

lintnet:
uses: ./.github/workflows/wc-lintnet.yaml
permissions:
contents: read

test:
needs: ci-info
uses: ./.github/workflows/wc-test.yaml
permissions:
contents: read
pull-requests: read
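Review bot: `test.yaml` should carry a workflow-level `permissions: {}` above `jobs:` if it does not already; the top of the file is outside these hunks. The callers `test-docker`, `ci-info`, `lintnet` and `test` appear to get their first job-level block only in this commit, so until now they ran with whatever the workflow or repository default grants. With the empty default in place, a job added later without its own block gets no token scopes. `renovate-config-validator` is cut off by the hunk boundary, so confirm it declares its permissions too. A short comment on the `pull-requests: read` grant in `path-filter`, for example `# dorny/paths-filter lists the PR's changed files via the API`, would record why the scope is needed.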
3 changes: 2 additions & 1 deletion .github/workflows/wc-check-files.yaml
Expand Up @@ -4,7 +4,8 @@ on: workflow_call
jobs:
check-files:
runs-on: ubuntu-latest
permissions: {}
permissions:
contents: read
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4 changes: 3 additions & 1 deletion .github/workflows/wc-ci-info.yaml
Expand Up @@ -6,7 +6,9 @@ jobs:
runs-on: ubuntu-latest
env:
AQUA_CONFIG: aqua/ci-info.yaml
permissions: {}
permissions:
contents: read
pull-requests: read
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
24 changes: 0 additions & 24 deletions .github/workflows/wc-enable-auto-merge.yaml

This file was deleted.

3 changes: 2 additions & 1 deletion .github/workflows/wc-generate-registry.yaml
Expand Up @@ -4,7 +4,8 @@ on: workflow_call
jobs:
generate-registry:
runs-on: ubuntu-latest
permissions: {}
permissions:
contents: read
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3 changes: 2 additions & 1 deletion .github/workflows/wc-json-schema.yaml
Expand Up @@ -4,7 +4,8 @@ on: workflow_call
jobs:
json-schema:
runs-on: ubuntu-latest
permissions: {}
permissions:
contents: read
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3 changes: 2 additions & 1 deletion .github/workflows/wc-lintnet.yaml
Expand Up @@ -8,7 +8,8 @@ jobs:
runs-on: ubuntu-latest
env:
AQUA_CONFIG: aqua-all.yaml
permissions: {}
permissions:
contents: read
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3 changes: 2 additions & 1 deletion .github/workflows/wc-prettier.yaml
Expand Up @@ -4,7 +4,8 @@ on: workflow_call
jobs:
prettier:
runs-on: ubuntu-latest
permissions: {}
permissions:
contents: read
timeout-minutes: 20
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3 changes: 2 additions & 1 deletion .github/workflows/wc-test-docker.yaml
Expand Up @@ -4,7 +4,8 @@ on: workflow_call
jobs:
test-docker:
runs-on: ubuntu-latest
permissions: {}
permissions:
contents: read
timeout-minutes: 20
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4 changes: 3 additions & 1 deletion .github/workflows/wc-test.yaml
Expand Up @@ -32,7 +32,9 @@ jobs:
shell: bash
env:
AQUA_CONFIG: aqua/test.yaml
permissions: {}
permissions:
contents: read
pull-requests: read
timeout-minutes: 30
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
