ci: Add GitHub token permissions for workflows (#34946)

Varun Sharma 2022-04-10 20:15:26 -07:00 committed by GitHub
parent fd1265b220
commit 01a475af6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 126 additions and 0 deletions


@ -9,8 +9,14 @@ concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
compressed-size:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: write # for preactjs/compressed-size-action to create PR comments
runs-on: ubuntu-latest
env:
CI_JOB_NUMBER: 1


@ -4,8 +4,14 @@ on:
schedule:
- cron: "0 0 */15 * *"
permissions:
contents: read
jobs:
issue-check-inactive:
permissions:
issues: write # for actions-cool/issues-helper to update issues
pull-requests: write # for actions-cool/issues-helper to update PRs
runs-on: ubuntu-latest
steps:
- name: check-inactive
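Review bot: A job-level `permissions:` map replaces the workflow-level one rather than adding to it, so the `issue-check-inactive` job on L36–L38 ends up with no `contents` scope at all, not the `contents: read` declared on L33. That is only correct if none of its steps runs `actions/checkout` or otherwise reads the repository, which cannot be confirmed here because the step list continues outside the hunk. The same question applies to every other job in this commit that sets job scopes without `contents:` — `issue-close-require`, `issue-labeled`, `issue-remove-inactive`, `similarity-analysis`, `pr-check-merge`, `refuse` and `check-changelog`, `deploy-site` and `build-site-failed`, `preview-start`, `upload-ui`, and the `verify` job of the verify-files workflow. Where a job does check out code, add `contents: read # for actions/checkout to fetch code` to its block, as the commit already does for `compressed-size` and the verify-package-version job.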


@ -4,8 +4,14 @@ on:
schedule:
- cron: "0 0 * * *"
permissions:
contents: read
jobs:
issue-close-require:
permissions:
issues: write # for actions-cool/issues-helper to update issues
pull-requests: write # for actions-cool/issues-helper to update PRs
runs-on: ubuntu-latest
steps:
- name: need reproduce


@ -6,8 +6,14 @@ on:
issues:
types: [labeled]
permissions:
contents: read
jobs:
issue-labeled:
permissions:
issues: write # for actions-cool/issues-helper to update issues
pull-requests: write # for actions-cool/issues-helper to update PRs
runs-on: ubuntu-latest
steps:
- name: help wanted


@ -4,8 +4,15 @@ on:
issues:
types: [opened]
permissions:
contents: read
jobs:
issue-open-check:
permissions:
contents: read # for visiky/dingtalk-release-notify to get latest release
issues: write # for actions-cool/issues-helper to update issues
pull-requests: write # for actions-cool/issues-helper to update PRs
runs-on: ubuntu-latest
steps:
- uses: actions-cool/check-user-permission@v2


@ -6,8 +6,14 @@ on:
issue_comment:
types: [created, edited]
permissions:
contents: read
jobs:
issue-remove-inactive:
permissions:
issues: write # for actions-cool/issues-helper to update issues
pull-requests: write # for actions-cool/issues-helper to update PRs
runs-on: ubuntu-latest
steps:
- name: remove inactive


@ -4,8 +4,13 @@ on:
issues:
types: [opened, edited]
permissions:
contents: read
jobs:
similarity-analysis:
permissions:
issues: write # for actions-cool/issues-similarity-analysis to create issue comments
runs-on: ubuntu-latest
steps:
- name: analysis


@ -5,8 +5,16 @@ on:
schedule:
- cron: "*/10 * * * *"
permissions:
contents: read
jobs:
pr-check-ci:
permissions:
checks: read # for actions-cool/check-pr-ci to get check reference
contents: write # for actions-cool/check-pr-ci to merge PRs
issues: write # for actions-cool/check-pr-ci to update issues
pull-requests: write # for actions-cool/check-pr-ci to update PRs
runs-on: ubuntu-latest
steps:
- uses: actions-cool/check-pr-ci@v1


@ -4,8 +4,14 @@ on:
pull_request_target:
types: [opened]
permissions:
contents: read
jobs:
pr-check-merge:
permissions:
issues: write # for actions-cool/issues-helper to update issues
pull-requests: write # for actions-cool/issues-helper to update PRs
runs-on: ubuntu-latest
if: (github.event.pull_request.head.ref == 'feature' || github.event.pull_request.head.ref == 'master') && github.event.pull_request.head.user.login == 'ant-design'
steps:


@ -4,8 +4,14 @@ on:
pull_request_target:
types: [opened, edited, reopened, synchronize]
permissions:
contents: read
jobs:
refuse:
permissions:
issues: write # for actions-cool/pr-welcome to create, update & react on issues
pull-requests: write # for actions-cool/pr-welcome to request reviewer
runs-on: ubuntu-latest
steps:
- uses: actions-cool/pr-welcome@v1
@ -19,6 +25,8 @@ jobs:
close: true
check-changelog:
permissions:
pull-requests: write # for actions-cool/pr-check-fill to create or update PR comments
runs-on: ubuntu-latest
steps:
- name: check fill


@ -11,6 +11,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
# Prepare node modules. Reuse cache if available
setup:


@ -8,8 +8,15 @@ on:
types:
- completed
permissions:
contents: read
jobs:
deploy-site:
permissions:
actions: read # for dawidd6/action-download-artifact to query and download artifacts
issues: write # for actions-cool/maintain-one-comment to modify or create issue comments
pull-requests: write # for actions-cool/maintain-one-comment to modify or create PR comments
name: deploy preview
runs-on: ubuntu-latest
if: >
@ -65,6 +72,10 @@ jobs:
number: ${{ steps.pr.outputs.id }}
build-site-failed:
permissions:
actions: read # for dawidd6/action-download-artifact to query and download artifacts
issues: write # for actions-cool/maintain-one-comment to modify or create issue comments
pull-requests: write # for actions-cool/maintain-one-comment to modify or create PR comments
name: build preview failed
runs-on: ubuntu-latest
if: >


@ -10,8 +10,14 @@ on:
pull_request_target:
types: [opened, synchronize, reopened]
permissions:
contents: read
jobs:
preview-start:
permissions:
issues: write # for actions-cool/maintain-one-comment to modify or create issue comments
pull-requests: write # for actions-cool/maintain-one-comment to modify or create PR comments
name: start preview info
runs-on: ubuntu-latest
steps:


@ -4,8 +4,14 @@ on:
issue_comment:
types: [created]
permissions:
contents: read
jobs:
rebase:
permissions:
contents: write # for cirrus-actions/rebase to push code to rebase
pull-requests: read # for cirrus-actions/rebase to get info about PR
name: Rebase
if: github.event.issue.pull_request != '' && (contains(github.event.comment.body, '/rebase') || contains(github.event.comment.body, '\rebase'))
runs-on: ubuntu-latest
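Review bot: The new job-level `contents: write` on L245 is issued for every `issue_comment` event that passes the `if:` on L248, and that condition only looks at the comment body for `/rebase` (or `\rebase`), not at who posted it, so the write-scoped token is available to a run started by any account able to comment on a pull request. Since the scope is now explicit, the gate deserves the same care: consider extending the condition with `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` so only trusted commenters can start a push-capable run, and record that intent next to the scope, e.g. `contents: write # push the rebased branch; only reachable via the trusted-commenter gate below`. The job's steps continue outside the hunk, so whether the action itself re-checks the commenter cannot be confirmed here.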


@ -10,8 +10,13 @@ name: Release Helper
on:
create
permissions:
contents: read
jobs:
release-helper:
permissions:
contents: write # for actions-cool/release-helper to create releases
if: github.event.ref_type == 'tag'
runs-on: ubuntu-latest
steps:


@ -4,6 +4,9 @@ name: Deploy website
on:
create
permissions:
contents: read
jobs:
setup:
runs-on: ubuntu-latest


@ -10,8 +10,13 @@ on:
- 3.x-stable
create:
permissions:
contents: read
jobs:
mirror:
permissions:
contents: none
runs-on: ubuntu-latest
if: github.repository == 'ant-design/ant-design'
steps:


@ -9,6 +9,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
setup:
runs-on: ubuntu-latest


@ -8,8 +8,14 @@ on:
types:
- completed
permissions:
contents: read
jobs:
upload-ui:
permissions:
actions: read # for dawidd6/action-download-artifact to query and download artifacts
pull-requests: read # for dawidd6/action-download-artifact to query commit hash
name: deploy preview
runs-on: ubuntu-latest
if: >


@ -12,6 +12,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
test:
runs-on: ubuntu-latest


@ -4,8 +4,13 @@ on:
pull_request_target:
types: [opened, synchronize]
permissions:
contents: read
jobs:
verify:
permissions:
pull-requests: write # for actions-cool/verify-files-modify to update status of PRs
runs-on: ubuntu-latest
steps:
- name: verify-version


@ -4,8 +4,14 @@ on:
pull_request:
types: [opened, edited, reopened, synchronize, ready_for_review]
permissions:
contents: read
jobs:
verify:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: write # for actions-cool/verify-package-version to comment on PR
runs-on: ubuntu-latest
if: contains(github.event.pull_request.title, 'changelog') || contains(github.event.pull_request.title, 'release')
steps: