From 6adbab301a7be14d7b1db625dc36cac7a384da42 Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Mar 2023 11:20:19 -0300 Subject: [PATCH 1/9] chore: set permissions to autotools-cmake Signed-off-by: Joyce --- .github/workflows/autotools-cmake.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/autotools-cmake.yml b/.github/workflows/autotools-cmake.yml index ae33934a..0d8311c0 100644 --- a/.github/workflows/autotools-cmake.yml +++ b/.github/workflows/autotools-cmake.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Ensure that GNU Autotools and CMake build systems agree From b1c7b3faa6a14b416924f27b351b674714b19043 Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Mar 2023 11:21:11 -0300 Subject: [PATCH 2/9] chore cmake-required-version write all Signed-off-by: Joyce --- .github/workflows/cmake-required-version.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cmake-required-version.yml b/.github/workflows/cmake-required-version.yml index 33a958ee..534d084a 100644 --- a/.github/workflows/cmake-required-version.yml +++ b/.github/workflows/cmake-required-version.yml @@ -35,6 +35,8 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: write-all + jobs: checks: name: Ensure realistic minimum CMake version requirement From 20350af2da2c048aecdb2351c23945c5e5e440fa Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Mar 2023 11:21:49 -0300 Subject: [PATCH 3/9] chore: set coverage.yml permissions. Signed-off-by: Joyce --- .github/workflows/coverage.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index e56dbc71..3b29d4af 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Collect test coverage From a9ddc7c16b1578d6b9451ac3ae959a72eded83ff Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Mar 2023 11:22:27 -0300 Subject: [PATCH 4/9] chore: cppcheck as contents read Signed-off-by: Joyce --- .github/workflows/cppcheck.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml index cab9bcb4..346b9afa 100644 --- a/.github/workflows/cppcheck.yml +++ b/.github/workflows/cppcheck.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Run Cppcheck From edb6ff0a1d60b8fba451d6aa66bb5ebef7131cba Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Mar 2023 11:22:56 -0300 Subject: [PATCH 5/9] chore: expat config with contents read Signed-off-by: Joyce --- .github/workflows/expat_config_h.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/expat_config_h.yml b/.github/workflows/expat_config_h.yml index f77e47ab..272e4b44 100644 --- a/.github/workflows/expat_config_h.yml +++ b/.github/workflows/expat_config_h.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Check expat_config.h.{in,cmake} for regressions From 4120f1f2a0225a47eb78c8af443221fae4242371 Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Mar 2023 11:23:24 -0300 Subject: [PATCH 6/9] chore: linux.yml as contents read Signed-off-by: Joyce --- .github/workflows/linux.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 4cfd30a6..a403eb79 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Perform checks From 9252ad1c1304a4d5544c7efd771ff0ac932dec2e Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Mar 2023 11:23:58 -0300 Subject: [PATCH 7/9] chore: macos as contents read Signed-off-by: Joyce --- .github/workflows/macos.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index cd5cf621..5b355ae8 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Perform checks From fbabafb07a5dddb1d6f9cba592ddb80daeab574a Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Mar 2023 11:25:00 -0300 Subject: [PATCH 8/9] chore: valid-xml to contents: read Signed-off-by: Joyce --- .github/workflows/valid-xml.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/valid-xml.yml b/.github/workflows/valid-xml.yml index 2dcdec14..f9c0356e 100644 --- a/.github/workflows/valid-xml.yml +++ b/.github/workflows/valid-xml.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am +permissions: + contents: read + jobs: checks: name: Ensure well-formed and valid XML From c01d732693db93fc9b0401fda9579dc01dc4b5d7 Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Mar 2023 11:31:44 -0300 Subject: [PATCH 9/9] chore: change cmake permission to read Signed-off-by: Joyce --- .github/workflows/cmake-required-version.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cmake-required-version.yml b/.github/workflows/cmake-required-version.yml index 534d084a..04b0fe49 100644 --- a/.github/workflows/cmake-required-version.yml +++ b/.github/workflows/cmake-required-version.yml @@ -35,7 +35,8 @@ on: schedule: - cron: '0 2 * * 5' # Every Friday at 2am -permissions: write-all +permissions: + contents: read jobs: checks: