Browse Source
Merge pull request #2874 from naveensrinivasan/naveen/feat/set-perms-actions
Set permissions for GitHub actions
pull/2875/head
Chris Lu
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with
29 additions and
0 deletions
-
.github/workflows/binaries_dev.yml
-
.github/workflows/binaries_release0.yml
-
.github/workflows/binaries_release1.yml
-
.github/workflows/binaries_release2.yml
-
.github/workflows/binaries_release3.yml
|
|
@ -4,9 +4,14 @@ on: |
|
|
push: |
|
|
push: |
|
|
branches: [ master ] |
|
|
branches: [ master ] |
|
|
|
|
|
|
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: read |
|
|
|
|
|
|
|
|
jobs: |
|
|
jobs: |
|
|
|
|
|
|
|
|
cleanup: |
|
|
cleanup: |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: write # for mknejp/delete-release-assets to delete release assets |
|
|
runs-on: ubuntu-latest |
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
|
|
|
steps: |
|
|
steps: |
|
|
@ -21,6 +26,8 @@ jobs: |
|
|
weed-* |
|
|
weed-* |
|
|
|
|
|
|
|
|
build_dev_linux_windows: |
|
|
build_dev_linux_windows: |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: write # for wangyoucao577/go-release-action to upload release assets |
|
|
needs: cleanup |
|
|
needs: cleanup |
|
|
runs-on: ubuntu-latest |
|
|
runs-on: ubuntu-latest |
|
|
strategy: |
|
|
strategy: |
|
|
@ -68,6 +75,8 @@ jobs: |
|
|
asset_name: "weed-${{ env.BUILD_TIME }}-${{ matrix.goos }}-${{ matrix.goarch }}" |
|
|
asset_name: "weed-${{ env.BUILD_TIME }}-${{ matrix.goos }}-${{ matrix.goarch }}" |
|
|
|
|
|
|
|
|
build_dev_darwin: |
|
|
build_dev_darwin: |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: write # for wangyoucao577/go-release-action to upload release assets |
|
|
needs: build_dev_linux_windows |
|
|
needs: build_dev_linux_windows |
|
|
runs-on: ubuntu-latest |
|
|
runs-on: ubuntu-latest |
|
|
strategy: |
|
|
strategy: |
|
|
|
|
|
@ -11,9 +11,14 @@ on: |
|
|
workflow_dispatch: |
|
|
workflow_dispatch: |
|
|
|
|
|
|
|
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel |
|
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: read |
|
|
|
|
|
|
|
|
jobs: |
|
|
jobs: |
|
|
|
|
|
|
|
|
build-release-binaries_windows: |
|
|
build-release-binaries_windows: |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: write # for wangyoucao577/go-release-action to upload release assets |
|
|
runs-on: ubuntu-latest |
|
|
runs-on: ubuntu-latest |
|
|
strategy: |
|
|
strategy: |
|
|
matrix: |
|
|
matrix: |
|
|
|
|
|
@ -11,9 +11,14 @@ on: |
|
|
workflow_dispatch: |
|
|
workflow_dispatch: |
|
|
|
|
|
|
|
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel |
|
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: read |
|
|
|
|
|
|
|
|
jobs: |
|
|
jobs: |
|
|
|
|
|
|
|
|
build-release-binaries_linux: |
|
|
build-release-binaries_linux: |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: write # for wangyoucao577/go-release-action to upload release assets |
|
|
runs-on: ubuntu-latest |
|
|
runs-on: ubuntu-latest |
|
|
strategy: |
|
|
strategy: |
|
|
matrix: |
|
|
matrix: |
|
|
|
|
|
@ -11,9 +11,14 @@ on: |
|
|
workflow_dispatch: |
|
|
workflow_dispatch: |
|
|
|
|
|
|
|
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel |
|
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: read |
|
|
|
|
|
|
|
|
jobs: |
|
|
jobs: |
|
|
|
|
|
|
|
|
build-release-binaries_darwin: |
|
|
build-release-binaries_darwin: |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: write # for wangyoucao577/go-release-action to upload release assets |
|
|
runs-on: ubuntu-latest |
|
|
runs-on: ubuntu-latest |
|
|
strategy: |
|
|
strategy: |
|
|
matrix: |
|
|
matrix: |
|
|
|
|
|
@ -11,9 +11,14 @@ on: |
|
|
workflow_dispatch: |
|
|
workflow_dispatch: |
|
|
|
|
|
|
|
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel |
|
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: read |
|
|
|
|
|
|
|
|
jobs: |
|
|
jobs: |
|
|
|
|
|
|
|
|
build-release-binaries_freebsd: |
|
|
build-release-binaries_freebsd: |
|
|
|
|
|
permissions: |
|
|
|
|
|
contents: write # for wangyoucao577/go-release-action to upload release assets |
|
|
runs-on: ubuntu-latest |
|
|
runs-on: ubuntu-latest |
|
|
strategy: |
|
|
strategy: |
|
|
matrix: |
|
|
matrix: |
|
|
|
