diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d284b033..eb6d721b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,7 +2,6 @@ name: CI permissions: contents: read - pull-requests: write on: push: @@ -35,6 +34,9 @@ jobs: runs-on: ubuntu-latest outputs: files_changed: ${{ steps.changed_files.outputs.files_changed }} + permissions: + contents: read + pull-requests: write steps: - uses: actions/checkout@v4 with: @@ -111,6 +113,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read steps: - name: Checkout into dir1 uses: actions/checkout@v4 @@ -185,7 +189,8 @@ jobs: needs: build runs-on: ubuntu-latest if: github.event_name == 'push' && needs.build.outputs.files_changed != 'true' - + permissions: + contents: read steps: - name: Checkout branch uses: actions/checkout@v4 @@ -243,6 +248,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read steps: - name: Checkout branch @@ -285,6 +292,8 @@ jobs: github.event_name == 'push' || github.event_name == 'pull_request' ) && needs.build.outputs.files_changed != 'true' + permissions: + contents: read steps: - name: Checkout branch @@ -315,6 +324,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read strategy: fail-fast: false @@ -354,6 +365,8 @@ jobs: runs-on: ubuntu-latest needs: build if: github.event_name != 'push' && needs.build.outputs.files_changed != 'true' + permissions: + contents: read steps: - name: Checkout branch @@ -381,6 +394,8 @@ jobs: runs-on: ubuntu-latest needs: build if: github.event_name != 'push' && needs.build.outputs.files_changed != 'true' + permissions: + contents: read strategy: fail-fast: false max-parallel: 4 @@ -415,7 +430,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' - + permissions: + contents: read steps: - name: Checkout branch uses: actions/checkout@v4 @@ -469,7 +485,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' - + permissions: + contents: read steps: - name: Checkout branch uses: actions/checkout@v4 @@ -556,7 +573,7 @@ jobs: needs: build if: github.event_name == 'push' && needs.build.outputs.files_changed != 'true' permissions: - pull-requests: read + contents: read steps: - name: Checkout into dir1 uses: actions/checkout@v4 @@ -588,6 +605,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read strategy: fail-fast: false max-parallel: 4 @@ -631,6 +650,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read strategy: fail-fast: false max-parallel: 4 @@ -706,6 +727,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read strategy: fail-fast: false max-parallel: 4 @@ -896,6 +919,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read steps: - name: Checkout branch uses: actions/checkout@v4 @@ -929,6 +954,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read steps: - name: Checkout branch uses: actions/checkout@v4 @@ -970,6 +997,8 @@ jobs: runs-on: ubuntu-latest needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read strategy: fail-fast: false max-parallel: 4 @@ -1020,6 +1049,8 @@ jobs: runs-on: ${{ matrix.platform }} needs: build if: needs.build.outputs.files_changed != 'true' + permissions: + contents: read strategy: fail-fast: false max-parallel: 4 @@ -1050,7 +1081,7 @@ jobs: echo '${{ toJSON(steps.changed-files.outputs) }}' shell: bash - - name: Run changed-files with dir name + - name: Run changed-files with dir name pattern id: changed-files-dir-name uses: ./ with: