From 2818944a09fa9f048e93cae56a07285d3e8f3c52 Mon Sep 17 00:00:00 2001 From: Tomasz Gromadzki Date: Mon, 23 Sep 2024 06:09:42 +0200 Subject: [PATCH] common: permission test Signed-off-by: Tomasz Gromadzki --- .github/workflows/docker_rebuild.yml | 3 +-- .github/workflows/main.yml | 3 +-- .github/workflows/nightly.yml | 3 +-- .github/workflows/pmem_benchmark.yml | 3 +-- .github/workflows/pmem_ras.yml | 3 +-- .github/workflows/pmem_test_matrix.yml | 3 +-- .github/workflows/pmem_tests.yml | 3 +-- .github/workflows/scan_bandit.yml | 3 +-- .github/workflows/scan_coverage.yml | 3 +-- .github/workflows/scan_coverity.yml | 3 +-- .github/workflows/scan_documentation.yml | 3 +-- .github/workflows/scan_log_calls.yml | 3 +-- .github/workflows/scan_stack_usage.yml | 3 +-- .github/workflows/scan_ubsan.yml | 3 +-- .github/workflows/scans.yml | 3 +-- .github/workflows/ubuntu.yml | 3 +-- 16 files changed, 16 insertions(+), 32 deletions(-) diff --git a/.github/workflows/docker_rebuild.yml b/.github/workflows/docker_rebuild.yml index 34a399aca2..bda0084213 100644 --- a/.github/workflows/docker_rebuild.yml +++ b/.github/workflows/docker_rebuild.yml @@ -23,8 +23,7 @@ env: WORKDIR: utils/docker PUSH_IMAGE: 1 -permissions: - contents: read +permissions: {} jobs: image: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f65e98ada4..08d6c815e7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -5,8 +5,7 @@ on: workflow_dispatch: pull_request: -permissions: - contents: read +permissions: {} jobs: src_checkers: diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index d8b73f89a3..4e73fff0f9 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -19,8 +19,7 @@ env: PMDK_CXX: g++ SRC_CHECKERS: 0 -permissions: - contents: read +permissions: {} jobs: in-tree: diff --git a/.github/workflows/pmem_benchmark.yml b/.github/workflows/pmem_benchmark.yml index 2b3edb9788..2882d5d266 100644 --- a/.github/workflows/pmem_benchmark.yml +++ b/.github/workflows/pmem_benchmark.yml @@ -10,8 +10,7 @@ on: type: string default: master -permissions: - contents: read +permissions: {} jobs: prep_runtime: diff --git a/.github/workflows/pmem_ras.yml b/.github/workflows/pmem_ras.yml index 76673480f2..c4d0b4f639 100644 --- a/.github/workflows/pmem_ras.yml +++ b/.github/workflows/pmem_ras.yml @@ -30,8 +30,7 @@ on: # run this job every 8 hours - cron: '0 */8 * * *' -permissions: - contents: read +permissions: {} jobs: linux: diff --git a/.github/workflows/pmem_test_matrix.yml b/.github/workflows/pmem_test_matrix.yml index 837f1b895f..453585969a 100644 --- a/.github/workflows/pmem_test_matrix.yml +++ b/.github/workflows/pmem_test_matrix.yml @@ -17,8 +17,7 @@ on: type: number default: 360 # The jobs..timeout-minutes default. -permissions: - contents: read +permissions: {} jobs: job: diff --git a/.github/workflows/pmem_tests.yml b/.github/workflows/pmem_tests.yml index 3edf319346..b16cdd2f2d 100644 --- a/.github/workflows/pmem_tests.yml +++ b/.github/workflows/pmem_tests.yml @@ -9,8 +9,7 @@ on: # run this job at 18:00 UTC every day - cron: '0 18 * * *' -permissions: - contents: read +permissions: {} jobs: # Test the default build with the basic test suite. diff --git a/.github/workflows/scan_bandit.yml b/.github/workflows/scan_bandit.yml index 0bfd69be9d..1295541946 100644 --- a/.github/workflows/scan_bandit.yml +++ b/.github/workflows/scan_bandit.yml @@ -9,8 +9,7 @@ env: PMREORDER: src/tools/pmreorder/*.py CALL_STACKS_ANALYSIS: utils/call_stacks_analysis/*.py -permissions: - contents: read +permissions: {} jobs: bandit: diff --git a/.github/workflows/scan_coverage.yml b/.github/workflows/scan_coverage.yml index 83b83d6830..1583c69e0e 100644 --- a/.github/workflows/scan_coverage.yml +++ b/.github/workflows/scan_coverage.yml @@ -24,8 +24,7 @@ env: TEST_BUILD: debug FAULT_INJECTION: 1 -permissions: - contents: read +permissions: {} jobs: linux: diff --git a/.github/workflows/scan_coverity.yml b/.github/workflows/scan_coverity.yml index 0a920d5ac9..cb6b49bb70 100644 --- a/.github/workflows/scan_coverity.yml +++ b/.github/workflows/scan_coverity.yml @@ -21,8 +21,7 @@ env: VALGRIND: 1 COVERITY: 1 -permissions: - contents: read +permissions: {} jobs: linux: diff --git a/.github/workflows/scan_documentation.yml b/.github/workflows/scan_documentation.yml index 4ced019510..2ee91a4a26 100644 --- a/.github/workflows/scan_documentation.yml +++ b/.github/workflows/scan_documentation.yml @@ -4,8 +4,7 @@ name: Documentation on: workflow_call: -permissions: - contents: read +permissions: {} jobs: linux: diff --git a/.github/workflows/scan_log_calls.yml b/.github/workflows/scan_log_calls.yml index 7c33b40022..12c4bf6700 100644 --- a/.github/workflows/scan_log_calls.yml +++ b/.github/workflows/scan_log_calls.yml @@ -5,8 +5,7 @@ on: workflow_dispatch: workflow_call: -permissions: - contents: read +permissions: {} jobs: log-calls: diff --git a/.github/workflows/scan_stack_usage.yml b/.github/workflows/scan_stack_usage.yml index b82fe1004e..416fafe24f 100644 --- a/.github/workflows/scan_stack_usage.yml +++ b/.github/workflows/scan_stack_usage.yml @@ -8,8 +8,7 @@ on: env: CALL_STACKS_TOOLS_PATH: pmdk/utils/call_stacks_analysis -permissions: - contents: read +permissions: {} jobs: stack-usage: diff --git a/.github/workflows/scan_ubsan.yml b/.github/workflows/scan_ubsan.yml index 0f4c7ef506..9d5065143b 100644 --- a/.github/workflows/scan_ubsan.yml +++ b/.github/workflows/scan_ubsan.yml @@ -18,8 +18,7 @@ env: UBSAN: 1 FAULT_INJECTION: 1 -permissions: - contents: read +permissions: {} jobs: linux: diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml index 387aff7a73..1c05ae9775 100644 --- a/.github/workflows/scans.yml +++ b/.github/workflows/scans.yml @@ -7,8 +7,7 @@ on: # run this job at 00:00 UTC every day - cron: '0 0 * * *' -permissions: - contents: read +permissions: {} jobs: call-bandit: diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml index 7c06ccdf4a..846ba06c84 100644 --- a/.github/workflows/ubuntu.yml +++ b/.github/workflows/ubuntu.yml @@ -8,8 +8,7 @@ env: GITHUB_REPO: pmem/pmdk DOCKER_REPO: ghcr.io/pmem/pmdk -permissions: - contents: read +permissions: {} jobs: linux: