Skip to content

Commit

Permalink
Workflows: only note reliance on write permissions
Browse files Browse the repository at this point in the history
Repository is now public, so read permissions can be assumed.

Closes #50
  • Loading branch information
ncoghlan committed Oct 30, 2024
1 parent fc68c3b commit 08c4ba5
Show file tree
Hide file tree
Showing 4 changed files with 2 additions and 11 deletions.
1 change: 0 additions & 1 deletion .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ jobs:
name: Upload release to PyPI
runs-on: ubuntu-latest
permissions:
contents: read
# Allow use of GitHub OIDC for PyPI authentication
id-token: write
steps:
Expand Down
5 changes: 1 addition & 4 deletions .github/workflows/scan-workflows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,8 @@ jobs:
build:
runs-on: ubuntu-latest
permissions:
# required for all workflows
# Write access needed to upload SARIF scan results
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
steps:
- uses: actions/checkout@v4
with:
Expand Down
3 changes: 0 additions & 3 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,6 @@ defaults:
# This also implies `set -eo pipefail` (rather than just `set -e`)
shell: bash

permissions:
contents: read

jobs:
tests:
runs-on: ${{ matrix.os }}
Expand Down
4 changes: 1 addition & 3 deletions .github/workflows/update-expected-output.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,6 @@ defaults:
# This also implies `set -eo pipefail` (rather than just `set -e`)
shell: bash

permissions:
contents: read

jobs:
timestamp:
runs-on: ubuntu-20.04
Expand Down Expand Up @@ -178,6 +175,7 @@ jobs:
# Need to check the output for each matrix job separately due to GitHub matrix output limitations
if: needs.test.outputs.want-pr-linux || needs.test.outputs.want-pr-windows || needs.test.outputs.want-pr-macos
permissions:
# Creating PRs involves more than just read permissions
contents: write
pull-requests: write
steps:
Expand Down

0 comments on commit 08c4ba5

Please sign in to comment.