From da8e662bf86cbba2232c49325ed89e9119686627 Mon Sep 17 00:00:00 2001
From: Alexandru Placinta
Date: Thu, 2 Nov 2023 08:18:51 +0100
Subject: [PATCH] Add cron & read permissions to workflows
---
 .github/workflows/check.yml | 6 ++++++
 .github/workflows/codeql.yml | 10 +++++-----
 .github/workflows/test_components_input.yml | 12 ++++++++++++
 .github/workflows/test_default_input.yml | 12 ++++++++++++
 .github/workflows/test_install_stable_nightly.yml | 12 ++++++++++++
 .github/workflows/test_override_input.yml | 12 ++++++++++++
 .github/workflows/test_targets_input.yml | 12 ++++++++++++
 .github/workflows/test_toolchain_input.yml | 12 ++++++++++++
 .github/workflows/unit_tests.yml | 6 ++++++
 9 files changed, 89 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 79ea3998..dd97469c 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -4,6 +4,12 @@ on:
 branches:
 - main
 pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ schedule:
+ # Every Monday at midnight: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+ - cron: "0 0 * * 1"
 permissions:
 contents: read
 concurrency:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 48d31410..7dfd8f19 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -13,20 +13,20 @@ name: CodeQL
 on:
 push:
 branches:
- - "main"
+ - main
 pull_request:
 # The branches below must be a subset of the branches above
 branches:
- - "main"
+ - main
 schedule:
 # Every Monday at midnight: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
- - cron: '0 0 * * 1'
+ - cron: "0 0 * * 1"
+permissions:
+ contents: read
 concurrency:
 # Cancel old actions upon push
 group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
 cancel-in-progress: true
-permissions:
- contents: read
 jobs:
 analyze:
 name: Analyze
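Review bot: In check.yml the new `schedule` block documents the cron as "Every Monday at midnight" without a timezone, and the same `0 0 * * 1` entry is added to unit_tests.yml and to the six test_* workflows. GitHub evaluates the cron in UTC and may delay or drop runs queued at the start of an hour, so nine workflows (codeql.yml already had this schedule) now compete for the same busiest slot. A staggered minute with a precise comment would be more dependable, for example `# Mondays 00:17 UTC; scheduled runs use the default branch and can start late` above `- cron: "17 0 * * 1"`. If the repository is public, scheduled workflows are also disabled automatically after 60 days without repository activity, so a weekly run presumably meant to catch upstream breakage can stop silently; that is worth a line in the comment. The `on:` block begins above the hunk, so the `push` trigger itself is not visible here.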
diff --git a/.github/workflows/test_components_input.yml b/.github/workflows/test_components_input.yml
index d2c06ed5..8a917269 100644
--- a/.github/workflows/test_components_input.yml
+++ b/.github/workflows/test_components_input.yml
@@ -4,6 +4,18 @@ on:
 branches:
 - main
 pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ schedule:
+ # Every Monday at midnight: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+ - cron: "0 0 * * 1"
+permissions:
+ contents: read
+concurrency:
+ # Cancel old actions upon push
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
 jobs:
 install_on_runner:
 runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/test_default_input.yml b/.github/workflows/test_default_input.yml
index bc2f4f83..e34b5913 100644
--- a/.github/workflows/test_default_input.yml
+++ b/.github/workflows/test_default_input.yml
@@ -4,6 +4,18 @@ on:
 branches:
 - main
 pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ schedule:
+ # Every Monday at midnight: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+ - cron: "0 0 * * 1"
+permissions:
+ contents: read
+concurrency:
+ # Cancel old actions upon push
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
 jobs:
 install_on_runner:
 runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/test_install_stable_nightly.yml b/.github/workflows/test_install_stable_nightly.yml
index 6598e518..22aa43b6 100644
--- a/.github/workflows/test_install_stable_nightly.yml
+++ b/.github/workflows/test_install_stable_nightly.yml
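Review bot: The `concurrency` group added in test_components_input.yml keys pull-request runs on `github.head_ref`, which is only the branch name, so two pull requests whose head branches share a name (common with forks) fall into one group and, with `cancel-in-progress: true`, the newer run cancels the other pull request's checks. Keying on the pull-request number avoids that while keeping push and schedule runs unique: `group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}`. The comment is also broader than the behaviour, since `head_ref` is empty for push and schedule events and those runs are never cancelled; `# Cancel superseded runs of the same pull request` would describe it. The identical block is added in test_default_input.yml, test_install_stable_nightly.yml, test_override_input.yml, test_targets_input.yml and test_toolchain_input.yml, and appears as context in codeql.yml.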
@@ -4,6 +4,18 @@ on:
 branches:
 - main
 pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ schedule:
+ # Every Monday at midnight: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+ - cron: "0 0 * * 1"
+permissions:
+ contents: read
+concurrency:
+ # Cancel old actions upon push
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
 jobs:
 install_on_runner:
 runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/test_override_input.yml b/.github/workflows/test_override_input.yml
index 39bf2a28..69ff6da6 100644
--- a/.github/workflows/test_override_input.yml
+++ b/.github/workflows/test_override_input.yml
@@ -4,6 +4,18 @@ on:
 branches:
 - main
 pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ schedule:
+ # Every Monday at midnight: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+ - cron: "0 0 * * 1"
+permissions:
+ contents: read
+concurrency:
+ # Cancel old actions upon push
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
 jobs:
 install_on_runner:
 runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/test_targets_input.yml b/.github/workflows/test_targets_input.yml
index fecb74f3..57716c27 100644
--- a/.github/workflows/test_targets_input.yml
+++ b/.github/workflows/test_targets_input.yml
@@ -4,6 +4,18 @@ on:
 branches:
 - main
 pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ schedule:
+ # Every Monday at midnight: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+ - cron: "0 0 * * 1"
+permissions:
+ contents: read
+concurrency:
+ # Cancel old actions upon push
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
 jobs:
 install_on_runner:
 runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/test_toolchain_input.yml b/.github/workflows/test_toolchain_input.yml
index 25101ab5..d9bb0551 100644
--- a/.github/workflows/test_toolchain_input.yml
+++ b/.github/workflows/test_toolchain_input.yml
@@ -4,6 +4,18 @@ on:
 branches:
 - main
 pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ schedule:
+ # Every Monday at midnight: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+ - cron: "0 0 * * 1"
+permissions:
+ contents: read
+concurrency:
+ # Cancel old actions upon push
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
 jobs:
 install_on_runner:
 runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index 941f23cd..7a42837a 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -4,6 +4,12 @@ on:
 branches:
 - main
 pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ schedule:
+ # Every Monday at midnight: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+ - cron: "0 0 * * 1"
 permissions:
 contents: read
 concurrency: