From 29403051568ddd1a78cedf5f9c74df89253ff0c8 Mon Sep 17 00:00:00 2001
From: John Stilley
Date: Mon, 2 Sep 2024 15:58:37 -0700
Subject: [PATCH] Adding GitHub content protection rule to CI
---
 .github/workflows/black.yaml | 27 ++++++++++++++------------
 .github/workflows/coverage.yaml | 3 +++
 .github/workflows/licensechecker.yaml | 5 +++++
 .github/workflows/linting.yaml | 3 +++
 .github/workflows/mac_tests.yaml | 3 +++
 .github/workflows/unittests.yaml | 3 +++
 .github/workflows/validatemanifest.yaml | 3 +++
 .github/workflows/wintests.yaml | 3 +++
 8 files changed, 38 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/black.yaml b/.github/workflows/black.yaml
index bc42c84ad..352f6b569 100644
--- a/.github/workflows/black.yaml
+++ b/.github/workflows/black.yaml
@@ -2,17 +2,20 @@ name: black

 on: [push, pull_request]

+permissions:
+ contents: read
+
 # use workaround due to: https://github.com/psf/black/issues/2079#issuecomment-812359146
 jobs:
- check-formatting:
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@v2
- - name: Set up Python 3.11
- uses: actions/setup-python@v2
- with:
- python-version: '3.11'
- - name: Install Black
- run: pip install 'black==22.6.0'
- - name: Run black --check .
- run: black --check .
+ check-formatting:
+ runs-on: ubuntu-24.04
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python 3.11
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.11'
+ - name: Install Black
+ run: pip install 'black==22.6.0'
+ - name: Run black --check .
+ run: black --check .
diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml
index 3dd651479..34ac1c7eb 100644
--- a/.github/workflows/coverage.yaml
+++ b/.github/workflows/coverage.yaml
@@ -1,5 +1,8 @@
 name: Coverage

+permissions:
+ contents: read
+
 on:
 push:
 branches:
diff --git a/.github/workflows/licensechecker.yaml b/.github/workflows/licensechecker.yaml
index abeee0e47..8a3bebe17 100644
--- a/.github/workflows/licensechecker.yaml
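Review bot: The steps re-added in the black.yaml hunk still reference `actions/checkout@v2` and `actions/setup-python@v2` by mutable major tag, so the job runs whatever code those tags point to at run time. The read-only token added above limits what that code can do to the repository, but not which code is executed. Pinning each action to a full commit SHA with the release in a trailing comment closes that gap, e.g. `- uses: actions/checkout@<full-commit-sha>  # <release tag>`. Because this job only reads the tree, setting `persist-credentials: false` under a `with:` on the checkout step would also keep the token out of the checked-out `.git/config`.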
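Review bot: Declaring `permissions:` with only `contents: read` sets every unlisted GITHUB_TOKEN scope to `none`, and nothing in the added block of coverage.yaml records that. The same undocumented block is added to black, licensechecker, linting, mac_tests, unittests, validatemanifest and wintests. The jobs of these workflows lie outside the hunks, so it should be confirmed that no step relies on the token to post statuses, comments or uploads; any such scope is better granted on the single job that needs it than at workflow level. A comment above the block would state the intent, e.g. `# Least privilege: unlisted GITHUB_TOKEN scopes are none; grant more per job if needed.`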
+++ b/.github/workflows/licensechecker.yaml
@@ -1,5 +1,10 @@
 name: Check License Lines
+
+permissions:
+ contents: read
+
 on: [push, pull_request]
+
 jobs:
 check-license-lines:
 runs-on: ubuntu-24.04
diff --git a/.github/workflows/linting.yaml b/.github/workflows/linting.yaml
index 89fca391d..d72e0664a 100644
--- a/.github/workflows/linting.yaml
+++ b/.github/workflows/linting.yaml
@@ -1,5 +1,8 @@
 name: Linting

+permissions:
+ contents: read
+
 on: [push, pull_request]

 jobs:
diff --git a/.github/workflows/mac_tests.yaml b/.github/workflows/mac_tests.yaml
index 3cb782082..75d466536 100644
--- a/.github/workflows/mac_tests.yaml
+++ b/.github/workflows/mac_tests.yaml
@@ -1,5 +1,8 @@
 name: ARMI MacOS Tests

+permissions:
+ contents: read
+
 on:
 push:
 paths-ignore:
diff --git a/.github/workflows/unittests.yaml b/.github/workflows/unittests.yaml
index 4dead8224..dafc04a84 100644
--- a/.github/workflows/unittests.yaml
+++ b/.github/workflows/unittests.yaml
@@ -1,5 +1,8 @@
 name: ARMI unit tests

+permissions:
+ contents: read
+
 on:
 push:
 paths-ignore:
diff --git a/.github/workflows/validatemanifest.yaml b/.github/workflows/validatemanifest.yaml
index acd640208..d7cf36c49 100644
--- a/.github/workflows/validatemanifest.yaml
+++ b/.github/workflows/validatemanifest.yaml
@@ -1,5 +1,8 @@
 name: Validate Manifest

+permissions:
+ contents: read
+
 on: [push, pull_request]

 jobs:
diff --git a/.github/workflows/wintests.yaml b/.github/workflows/wintests.yaml
index e141cb14a..1d77b5516 100644
--- a/.github/workflows/wintests.yaml
+++ b/.github/workflows/wintests.yaml
@@ -1,5 +1,8 @@
 name: ARMI Windows tests

+permissions:
+ contents: read
+
 on:
 push:
 paths-ignore: