From d0ee70a96a1182bb5d517a7ec0cd07ac5478651d Mon Sep 17 00:00:00 2001 From: Alexandru Popenta Date: Thu, 12 Jun 2025 13:26:33 +0300 Subject: [PATCH] set permissions for workflows --- .github/workflows/build-windows.yml | 3 +++ .github/workflows/build.yml | 3 +++ .github/workflows/install-macos-pipx.yml | 3 +++ .github/workflows/install-ubuntu-pipx.yml | 3 +++ .github/workflows/mypy.yml | 4 ++++ .github/workflows/test-localnet-tests.yml | 7 +++++-- .github/workflows/test-localnet.yml | 13 ++++++++----- 7 files changed, 29 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml index fda48f40..32c1c314 100644 --- a/.github/workflows/build-windows.yml +++ b/.github/workflows/build-windows.yml @@ -8,6 +8,9 @@ on: branches: [main, feat/*] workflow_dispatch: +permissions: + contents: read + jobs: build: name: Build and Test mxpy for ${{ matrix.os }}, python ${{ matrix.python-version }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7f31f431..c84533cd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,6 +8,9 @@ on: branches: [main, feat/*] workflow_dispatch: +permissions: + contents: read + jobs: build: name: Build and Test mxpy for ${{ matrix.os }}, python ${{ matrix.python-version }} diff --git a/.github/workflows/install-macos-pipx.yml b/.github/workflows/install-macos-pipx.yml index 7090ee06..1c451760 100644 --- a/.github/workflows/install-macos-pipx.yml +++ b/.github/workflows/install-macos-pipx.yml @@ -5,6 +5,9 @@ on: branches: [main, feat/*] workflow_dispatch: +permissions: + contents: read + env: BRANCH_NAME: ${{ github.head_ref || github.ref_name }} diff --git a/.github/workflows/install-ubuntu-pipx.yml b/.github/workflows/install-ubuntu-pipx.yml index 89c4afa4..9a94e492 100644 --- a/.github/workflows/install-ubuntu-pipx.yml +++ b/.github/workflows/install-ubuntu-pipx.yml @@ -5,6 +5,9 @@ on: branches: [main, feat/*] workflow_dispatch: +permissions: + contents: read + env: BRANCH_NAME: ${{ github.head_ref || github.ref_name }} diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml index a82a8196..559f2530 100644 --- a/.github/workflows/mypy.yml +++ b/.github/workflows/mypy.yml @@ -1,5 +1,9 @@ name: mypy reviewdog check on: [pull_request] + +permissions: + contents: read + jobs: mypy: name: runner / mypy diff --git a/.github/workflows/test-localnet-tests.yml b/.github/workflows/test-localnet-tests.yml index 8c62ad80..5f64fcc8 100644 --- a/.github/workflows/test-localnet-tests.yml +++ b/.github/workflows/test-localnet-tests.yml @@ -5,6 +5,9 @@ on: branches: [main, feat/*] workflow_dispatch: +permissions: + contents: read + env: BRANCH_NAME: ${{ github.head_ref || github.ref_name }} @@ -40,10 +43,10 @@ jobs: export PYTHONPATH=. python3 -m multiversx_sdk_cli.cli localnet prerequisites --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml python3 -m multiversx_sdk_cli.cli localnet build --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml - + # "Go" and artifacts from "GOPATH/pkg/mod" are not needed anymore. sudo rm -rf ~/multiversx-sdk/golang - + python3 -m multiversx_sdk_cli.cli localnet clean --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml python3 -m multiversx_sdk_cli.cli localnet config --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml nohup python3 -m multiversx_sdk_cli.cli localnet start --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml > localnet.log 2>&1 & echo $! > localnet.pid diff --git a/.github/workflows/test-localnet.yml b/.github/workflows/test-localnet.yml index dcbc9a4f..9f3f063d 100644 --- a/.github/workflows/test-localnet.yml +++ b/.github/workflows/test-localnet.yml @@ -5,6 +5,9 @@ on: branches: [main, feat/*] workflow_dispatch: +permissions: + contents: read + env: BRANCH_NAME: ${{ github.head_ref || github.ref_name }} @@ -40,10 +43,10 @@ jobs: python3 -m multiversx_sdk_cli.cli config set github_api_token ${{ secrets.GITHUB_TOKEN }} python3 -m multiversx_sdk_cli.cli localnet prerequisites --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml python3 -m multiversx_sdk_cli.cli localnet build --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml - + # "Go" and artifacts from "GOPATH/pkg/mod" are not needed anymore. sudo rm -rf ~/multiversx-sdk/golang - + python3 -m multiversx_sdk_cli.cli localnet clean --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml python3 -m multiversx_sdk_cli.cli localnet config --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml python3 -m multiversx_sdk_cli.cli localnet start --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_remote.toml --stop-after-seconds=120 @@ -62,13 +65,13 @@ jobs: git clone https://github.com/multiversx/mx-chain-go --branch=master --single-branch ~/multiversx-sdk/sandbox/mx-chain-go git clone https://github.com/multiversx/mx-chain-proxy-go --branch=master --single-branch ~/multiversx-sdk/sandbox/mx-chain-proxy-go - + python3 -m multiversx_sdk_cli.cli localnet prerequisites --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_local.toml python3 -m multiversx_sdk_cli.cli localnet build --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_local.toml - + # "Go" and artifacts from "GOPATH/pkg/mod" are not needed anymore. sudo rm -rf ~/multiversx-sdk/golang - + python3 -m multiversx_sdk_cli.cli localnet clean --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_local.toml python3 -m multiversx_sdk_cli.cli localnet config --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_local.toml python3 -m multiversx_sdk_cli.cli localnet start --configfile=./multiversx_sdk_cli/tests/testdata/localnet_with_resolution_local.toml --stop-after-seconds=120