From b29a5bfa3078f8205d416954dc36df28e8f579bb Mon Sep 17 00:00:00 2001 From: Stan Ulbrych Date: Sun, 5 Apr 2026 20:23:43 +0100 Subject: [PATCH 1/2] [3.11] gh-145098: Use `macos-15-intel` instead of unstable `macos-26-intel` in `{jit,tail-call}.yml` (GH-148126) (cherry picked from commit bce96a181350f348560fe0623361f39a6d5c6361) Co-authored-by: Stan Ulbrych Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- .github/workflows/build.yml | 3 +-- .github/workflows/lint.yml | 3 +-- .github/workflows/new-bugs-announce-notifier.yml | 5 +++-- .github/workflows/require-pr-label.yml | 6 +++--- .github/workflows/stale.yml | 6 +++--- .github/workflows/verify-ensurepip-wheels.yml | 3 +-- .github/workflows/verify-expat.yml | 3 +-- 7 files changed, 13 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 87091022c29303..9eedda17d83e75 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,8 +11,7 @@ on: - 'main' - '3.*' -permissions: - contents: read +permissions: {} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}-reusable diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 20d1477e508468..62e255095c9458 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -2,8 +2,7 @@ name: Lint on: [push, pull_request, workflow_dispatch] -permissions: - contents: read +permissions: {} env: FORCE_COLOR: 1 diff --git a/.github/workflows/new-bugs-announce-notifier.yml b/.github/workflows/new-bugs-announce-notifier.yml index 69cf113f8f00d5..311672bb628c08 100644 --- a/.github/workflows/new-bugs-announce-notifier.yml +++ b/.github/workflows/new-bugs-announce-notifier.yml @@ -5,12 +5,13 @@ on: types: - opened -permissions: - issues: read +permissions: {} jobs: notify-new-bugs-announce: runs-on: ubuntu-latest + permissions: + issues: read timeout-minutes: 10 steps: - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 diff --git a/.github/workflows/require-pr-label.yml b/.github/workflows/require-pr-label.yml index 5af45789226278..ebc5699d490841 100644 --- a/.github/workflows/require-pr-label.yml +++ b/.github/workflows/require-pr-label.yml @@ -4,15 +4,15 @@ on: pull_request: types: [opened, reopened, labeled, unlabeled, synchronize] -permissions: - issues: write - pull-requests: write +permissions: {} jobs: label: name: DO-NOT-MERGE / unresolved review if: github.repository_owner == 'python' runs-on: ubuntu-latest + permissions: + pull-requests: read timeout-minutes: 10 steps: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 23a316befc6cba..164882460d66d8 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -4,14 +4,14 @@ on: schedule: - cron: "0 0 * * *" -permissions: - pull-requests: write +permissions: {} jobs: stale: if: github.repository_owner == 'python' - runs-on: ubuntu-latest + permissions: + pull-requests: write timeout-minutes: 10 steps: diff --git a/.github/workflows/verify-ensurepip-wheels.yml b/.github/workflows/verify-ensurepip-wheels.yml index 2c47fdbc1e12b5..018b0463b7f8dc 100644 --- a/.github/workflows/verify-ensurepip-wheels.yml +++ b/.github/workflows/verify-ensurepip-wheels.yml @@ -13,8 +13,7 @@ on: - '.github/workflows/verify-ensurepip-wheels.yml' - 'Tools/scripts/verify_ensurepip_wheels.py' -permissions: - contents: read +permissions: {} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} diff --git a/.github/workflows/verify-expat.yml b/.github/workflows/verify-expat.yml index 472a11db2da5fb..e193dfa4603e8a 100644 --- a/.github/workflows/verify-expat.yml +++ b/.github/workflows/verify-expat.yml @@ -11,8 +11,7 @@ on: - 'Modules/expat/**' - '.github/workflows/verify-expat.yml' -permissions: - contents: read +permissions: {} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} From 7e6cd9132280c3ee47eaf19eb7ed3f227caa21ef Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Sun, 5 Apr 2026 23:19:52 +0300 Subject: [PATCH 2/2] macos-26-intel -> macos-15-intel --- .github/workflows/reusable-macos.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-macos.yml b/.github/workflows/reusable-macos.yml index d3e9defd1109aa..fa8d89912bc0d7 100644 --- a/.github/workflows/reusable-macos.yml +++ b/.github/workflows/reusable-macos.yml @@ -26,7 +26,7 @@ jobs: matrix: os: [ "macos-26", # Apple Silicon - "macos-26-intel", # Intel + "macos-15-intel", # Intel ] runs-on: ${{ matrix.os }} steps: