From 95338874c41fdbc52a23dda14376b521dc5ebaed Mon Sep 17 00:00:00 2001 From: Shaojun Liu <61072813+liu-shaojun@users.noreply.github.com> Date: Sun, 18 Feb 2024 13:23:54 +0800 Subject: [PATCH] Fix Token Permission issues (#10151) Co-authored-by: Your Name --- .github/workflows/chronos-example-python-spark31.yml | 3 +++ .github/workflows/chronos-howto-guides-python-spark31.yml | 5 ++++- .github/workflows/chronos-nb-python-spark31.yml | 3 +++ .github/workflows/chronos-notebook-python-spark31.yml | 3 +++ .github/workflows/chronos-prvn-python-spark31.yml | 3 +++ .github/workflows/llm-harness-evaluation.yml | 3 +++ .github/workflows/nightly-build-example-tests-ppml.yaml | 5 +++-- .github/workflows/scala-style-check.yml | 7 ++++--- 8 files changed, 26 insertions(+), 6 deletions(-) diff --git a/.github/workflows/chronos-example-python-spark31.yml b/.github/workflows/chronos-example-python-spark31.yml index 76df2e2e813..9be152864eb 100644 --- a/.github/workflows/chronos-example-python-spark31.yml +++ b/.github/workflows/chronos-example-python-spark31.yml @@ -5,6 +5,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: true +permissions: + contents: read + # Controls when the action will run. on: # Triggers the workflow on merge events for nano/orca change diff --git a/.github/workflows/chronos-howto-guides-python-spark31.yml b/.github/workflows/chronos-howto-guides-python-spark31.yml index ca494906d9f..9ecd1c0c301 100644 --- a/.github/workflows/chronos-howto-guides-python-spark31.yml +++ b/.github/workflows/chronos-howto-guides-python-spark31.yml @@ -4,7 +4,10 @@ name: Chronos Tests for How-to Guides Spark3.1 py38 py39 concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: true - + +permissions: + contents: read + # Controls when the action will run. on: # Triggers the workflow on pull request events but only for the main branch diff --git a/.github/workflows/chronos-nb-python-spark31.yml b/.github/workflows/chronos-nb-python-spark31.yml index 6ee37359406..7e72d098144 100644 --- a/.github/workflows/chronos-nb-python-spark31.yml +++ b/.github/workflows/chronos-nb-python-spark31.yml @@ -11,6 +11,9 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: +permissions: + contents: read + env: GIST_ID: bc8a699b455bced4a1aef138ad5df07e diff --git a/.github/workflows/chronos-notebook-python-spark31.yml b/.github/workflows/chronos-notebook-python-spark31.yml index d3420803d47..d32e9610504 100644 --- a/.github/workflows/chronos-notebook-python-spark31.yml +++ b/.github/workflows/chronos-notebook-python-spark31.yml @@ -5,6 +5,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: true +permissions: + contents: read + # Controls when the action will run. on: schedule: diff --git a/.github/workflows/chronos-prvn-python-spark31.yml b/.github/workflows/chronos-prvn-python-spark31.yml index 2fe38a611eb..1aa757b6b25 100644 --- a/.github/workflows/chronos-prvn-python-spark31.yml +++ b/.github/workflows/chronos-prvn-python-spark31.yml @@ -5,6 +5,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: true +permissions: + contents: read + # Controls when the action will run. on: # Triggers the workflow on merge events for nano/orca change diff --git a/.github/workflows/llm-harness-evaluation.yml b/.github/workflows/llm-harness-evaluation.yml index 9edddb90fa8..984e809fe22 100644 --- a/.github/workflows/llm-harness-evaluation.yml +++ b/.github/workflows/llm-harness-evaluation.yml @@ -5,6 +5,9 @@ concurrency: group: ${{ github.workflow }}-llm-nightly-test-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: true +permissions: + contents: read + # Controls when the action will run. on: schedule: diff --git a/.github/workflows/nightly-build-example-tests-ppml.yaml b/.github/workflows/nightly-build-example-tests-ppml.yaml index 4f3c1b93dee..ca5a06d433b 100644 --- a/.github/workflows/nightly-build-example-tests-ppml.yaml +++ b/.github/workflows/nightly-build-example-tests-ppml.yaml @@ -1,5 +1,8 @@ name: Nightly Build Example Tests PPML Spark Local on Graphene +permissions: + contents: read + on: schedule: - cron: '0 17 * * *' @@ -33,8 +36,6 @@ on: jobs: example-tests-ppml: runs-on: [self-hosted, SGX, Wilwarin] - permissions: - contents: read steps: - uses: actions/checkout@v3 diff --git a/.github/workflows/scala-style-check.yml b/.github/workflows/scala-style-check.yml index 5ed8a387716..b87ac7ae3be 100644 --- a/.github/workflows/scala-style-check.yml +++ b/.github/workflows/scala-style-check.yml @@ -4,7 +4,10 @@ name: Scala Style Check concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: true - + +permissions: + contents: read + on: push: branches: [ "main" ] @@ -25,8 +28,6 @@ jobs: build: runs-on: [self-hosted, Gondolin, ubuntu-20.04-lts] - permissions: - contents: read steps: - uses: actions/checkout@v3