From 14f37f1849c5540800fc27b36cd112adefaa8c7a Mon Sep 17 00:00:00 2001 From: Alex Boten <223565+codeboten@users.noreply.github.com> Date: Mon, 23 Dec 2024 10:52:16 -0800 Subject: [PATCH] [chore] minor cleanup in workflows (#11971) shorten ``` permissions: contents: all ``` to ``` permissions: read-all ``` Signed-off-by: Alex Boten <223565+codeboten@users.noreply.github.com> --- .github/workflows/api-compatibility.yml | 3 +-- .github/workflows/build-and-test-arm.yml | 3 +-- .github/workflows/build-and-test-windows.yaml | 3 +-- .github/workflows/build-and-test.yml | 3 +-- .github/workflows/builder-integration-test.yaml | 5 ++--- .github/workflows/changelog.yml | 3 +-- .github/workflows/check-links.yaml | 3 +-- .github/workflows/codeql-analysis.yml | 3 +-- .github/workflows/contrib-tests.yml | 3 +-- .../workflows/generate-semantic-conventions-pr.yaml | 3 +-- .github/workflows/perf.yml | 3 +-- .github/workflows/shellcheck.yml | 7 +++---- .github/workflows/stale-pr.yaml | 11 +++++------ .github/workflows/tidy-dependencies.yml | 3 +-- 14 files changed, 21 insertions(+), 35 deletions(-) diff --git a/.github/workflows/api-compatibility.yml b/.github/workflows/api-compatibility.yml index 419affb9213..91cac92747f 100644 --- a/.github/workflows/api-compatibility.yml +++ b/.github/workflows/api-compatibility.yml @@ -10,8 +10,7 @@ on: branches: - main -permissions: - contents: read +permissions: read-all jobs: Check-Compatibility: diff --git a/.github/workflows/build-and-test-arm.yml b/.github/workflows/build-and-test-arm.yml index 90578199c70..1da12210ca8 100644 --- a/.github/workflows/build-and-test-arm.yml +++ b/.github/workflows/build-and-test-arm.yml @@ -13,8 +13,7 @@ env: # We limit cache download as a whole to 5 minutes. SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2 -permissions: - contents: read +permissions: read-all # Do not cancel this workflow on main. See https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/16616 concurrency: diff --git a/.github/workflows/build-and-test-windows.yaml b/.github/workflows/build-and-test-windows.yaml index f2032b7ef16..245f20702a5 100644 --- a/.github/workflows/build-and-test-windows.yaml +++ b/.github/workflows/build-and-test-windows.yaml @@ -12,8 +12,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} cancel-in-progress: true -permissions: - contents: read +permissions: read-all jobs: windows-unittest: diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 870a47f6d53..81cc1697969 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -8,8 +8,7 @@ on: types: [checks_requested] pull_request: -permissions: - contents: read +permissions: read-all concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} diff --git a/.github/workflows/builder-integration-test.yaml b/.github/workflows/builder-integration-test.yaml index 9d3e41f488c..de8f4cdf462 100644 --- a/.github/workflows/builder-integration-test.yaml +++ b/.github/workflows/builder-integration-test.yaml @@ -15,7 +15,7 @@ on: # manual execution workflow_dispatch: - + merge_group: types: [checks_requested] @@ -23,8 +23,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} cancel-in-progress: true -permissions: - contents: read +permissions: read-all jobs: integration-test: diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index a85d94c43e8..847cc2903c0 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -16,8 +16,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} cancel-in-progress: true -permissions: - contents: read +permissions: read-all jobs: changelog: diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml index dd4459bda2a..5454b93ba6a 100644 --- a/.github/workflows/check-links.yaml +++ b/.github/workflows/check-links.yaml @@ -10,8 +10,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} cancel-in-progress: true -permissions: - contents: read +permissions: read-all jobs: changedfiles: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9f528b69362..0289f486500 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -8,8 +8,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} cancel-in-progress: true -permissions: - contents: read +permissions: read-all jobs: CodeQL-Build: diff --git a/.github/workflows/contrib-tests.yml b/.github/workflows/contrib-tests.yml index 3d53932ce51..da8babba57d 100644 --- a/.github/workflows/contrib-tests.yml +++ b/.github/workflows/contrib-tests.yml @@ -14,8 +14,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} cancel-in-progress: true -permissions: - contents: read +permissions: read-all jobs: contrib-tests-matrix: diff --git a/.github/workflows/generate-semantic-conventions-pr.yaml b/.github/workflows/generate-semantic-conventions-pr.yaml index 1ee2cc0ac51..66ffa7133d7 100644 --- a/.github/workflows/generate-semantic-conventions-pr.yaml +++ b/.github/workflows/generate-semantic-conventions-pr.yaml @@ -6,8 +6,7 @@ on: - cron: "30 1 * * *" workflow_dispatch: -permissions: - contents: read +permissions: read-all jobs: check-versions: diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml index f9d5d977c7b..48c961a9e96 100644 --- a/.github/workflows/perf.yml +++ b/.github/workflows/perf.yml @@ -4,8 +4,7 @@ on: push: branches: [main] -permissions: - contents: read +permissions: read-all jobs: runperf: diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 99ad4d48737..d11c9e76a14 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -1,14 +1,13 @@ name: Shellcheck lint on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] merge_group: types: [checks_requested] -permissions: - contents: read +permissions: read-all jobs: shellcheck: diff --git a/.github/workflows/stale-pr.yaml b/.github/workflows/stale-pr.yaml index 312fb051980..9d11ff0ea02 100644 --- a/.github/workflows/stale-pr.yaml +++ b/.github/workflows/stale-pr.yaml @@ -3,21 +3,20 @@ on: schedule: - cron: "12 3 * * *" # arbitrary time not to DDOS GitHub -permissions: - contents: read +permissions: read-all jobs: stale: permissions: - issues: write # for actions/stale to close stale issues - pull-requests: write # for actions/stale to close stale PRs + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-pr-message: 'This PR was marked stale due to lack of activity. It will be closed in 14 days.' - close-pr-message: 'Closed as inactive. Feel free to reopen if this PR is still being worked on.' + stale-pr-message: "This PR was marked stale due to lack of activity. It will be closed in 14 days." + close-pr-message: "Closed as inactive. Feel free to reopen if this PR is still being worked on." days-before-pr-stale: 14 days-before-issue-stale: 730 days-before-pr-close: 14 diff --git a/.github/workflows/tidy-dependencies.yml b/.github/workflows/tidy-dependencies.yml index dd7edfceb40..830a46a9322 100644 --- a/.github/workflows/tidy-dependencies.yml +++ b/.github/workflows/tidy-dependencies.yml @@ -5,8 +5,7 @@ on: branches: - main -permissions: - contents: read +permissions: read-all jobs: setup-environment: