diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml index b16862117..8e4d6aed2 100644 --- a/.github/workflows/backend.yml +++ b/.github/workflows/backend.yml @@ -8,9 +8,10 @@ on: paths: - "kafka-ui-api/**" - "pom.xml" -permissions: +permissions: # TODO remove when public checks: write pull-requests: write + contents: read jobs: build-and-test: runs-on: ubuntu-latest diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml index 1d6e9b920..c2e8b8ef9 100644 --- a/.github/workflows/branch-deploy.yml +++ b/.github/workflows/branch-deploy.yml @@ -8,6 +8,8 @@ jobs: build: if: ${{ github.event.label.name == 'status/feature_testing' || github.event.label.name == 'status/feature_testing_public' }} runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/branch-remove.yml b/.github/workflows/branch-remove.yml index 596f5542c..00b329167 100644 --- a/.github/workflows/branch-remove.yml +++ b/.github/workflows/branch-remove.yml @@ -6,6 +6,8 @@ on: jobs: remove: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read if: ${{ (github.event.label.name == 'status/feature_testing' || github.event.label.name == 'status/feature_testing_public') || (github.event.action == 'closed' && (contains(github.event.pull_request.labels.*.name, 'status/feature_testing') || contains(github.event.pull_request.labels.*.name, 'status/feature_testing_public'))) }} steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/build-public-image.yml b/.github/workflows/build-public-image.yml index 935c742b5..9cfa873b6 100644 --- a/.github/workflows/build-public-image.yml +++ b/.github/workflows/build-public-image.yml @@ -7,6 +7,8 @@ jobs: build: if: ${{ github.event.label.name == 'status/image_testing' }} runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 251ba31bf..21c8ee72a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -29,7 +29,8 @@ jobs: analyze: name: Analyze runs-on: ubuntu-latest - + permissions: # TODO remove when public + contents: read strategy: fail-fast: false matrix: diff --git a/.github/workflows/cve.yaml b/.github/workflows/cve.yaml index 32b2302cd..e4433c35e 100644 --- a/.github/workflows/cve.yaml +++ b/.github/workflows/cve.yaml @@ -4,9 +4,12 @@ on: schedule: # * is a special character in YAML so you have to quote this string - cron: '0 8 15 * *' + jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml index b87692f55..1271b8287 100644 --- a/.github/workflows/documentation.yaml +++ b/.github/workflows/documentation.yaml @@ -8,9 +8,12 @@ on: - synchronize paths: - '**.md' + jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/e2e-automation.yml b/.github/workflows/e2e-automation.yml index 9f379458e..1ccc2e340 100644 --- a/.github/workflows/e2e-automation.yml +++ b/.github/workflows/e2e-automation.yml @@ -15,10 +15,12 @@ on: description: 'Set Qase token to enable integration' required: false type: string - + jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/e2e-checks.yaml b/.github/workflows/e2e-checks.yaml index 0f0919ab8..ff336ac28 100644 --- a/.github/workflows/e2e-checks.yaml +++ b/.github/workflows/e2e-checks.yaml @@ -8,8 +8,9 @@ on: - "kafka-ui-react-app/**" - "kafka-ui-e2e-checks/**" - "pom.xml" -permissions: +permissions: # TODO remove when public statuses: write + contents: read jobs: build-and-test: runs-on: ubuntu-latest diff --git a/.github/workflows/e2e-manual.yml b/.github/workflows/e2e-manual.yml index e042aa8c2..0e80ccf33 100644 --- a/.github/workflows/e2e-manual.yml +++ b/.github/workflows/e2e-manual.yml @@ -14,10 +14,12 @@ on: description: 'Set Qase token to enable integration' required: true type: string - + jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/e2e-weekly.yml b/.github/workflows/e2e-weekly.yml index bee953f6b..671fcac67 100644 --- a/.github/workflows/e2e-weekly.yml +++ b/.github/workflows/e2e-weekly.yml @@ -6,6 +6,8 @@ on: jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml index a0fc5a6c3..b8d430d36 100644 --- a/.github/workflows/frontend.yaml +++ b/.github/workflows/frontend.yaml @@ -8,15 +8,15 @@ on: paths: - "kafka-ui-contract/**" - "kafka-ui-react-app/**" -permissions: - checks: write - pull-requests: write + jobs: build-and-test: env: CI: true NODE_ENV: dev runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml index 15a15e9a6..5721bbc63 100644 --- a/.github/workflows/master.yaml +++ b/.github/workflows/master.yaml @@ -3,10 +3,12 @@ on: workflow_dispatch: push: branches: [ "main" ] - + jobs: build: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/release-serde-api.yaml b/.github/workflows/release-serde-api.yaml index e8c31695e..9d0012778 100644 --- a/.github/workflows/release-serde-api.yaml +++ b/.github/workflows/release-serde-api.yaml @@ -4,6 +4,8 @@ on: workflow_dispatch jobs: release-serde-api: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7f098e702..5a6a0d327 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -6,6 +6,8 @@ on: jobs: release: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read outputs: version: ${{steps.build.outputs.version}} steps: diff --git a/.github/workflows/separate_env_public_create.yml b/.github/workflows/separate_env_public_create.yml index da410b58f..022b66792 100644 --- a/.github/workflows/separate_env_public_create.yml +++ b/.github/workflows/separate_env_public_create.yml @@ -10,6 +10,8 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/workflow_linter.yaml b/.github/workflows/workflow_linter.yaml index ead898cf0..c0a05c668 100644 --- a/.github/workflows/workflow_linter.yaml +++ b/.github/workflows/workflow_linter.yaml @@ -8,9 +8,12 @@ on: - "edited" paths: - ".github/workflows/**" + jobs: build-and-test: runs-on: ubuntu-latest + permissions: # TODO remove when public + contents: read steps: - uses: actions/checkout@v4 with: