From 733a1afd2741e22e845a403088f8d318600f03d6 Mon Sep 17 00:00:00 2001 From: Stan Ulbrych Date: Sun, 5 Apr 2026 20:23:43 +0100 Subject: [PATCH 1/2] [3.10] gh-145098: Use `macos-15-intel` instead of unstable `macos-26-intel` in `{jit,tail-call}.yml` (GH-148126) (cherry picked from commit bce96a181350f348560fe0623361f39a6d5c6361) Co-authored-by: Stan Ulbrych Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- .github/workflows/build.yml | 3 +-- .github/workflows/stale.yml | 2 ++ .github/workflows/verify-ensurepip-wheels.yml | 3 +-- .github/workflows/verify-expat.yml | 3 +-- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7cbd43da6fc94a..8a1d371f2f9048 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,8 +11,7 @@ on: - 'main' - '3.*' -permissions: - contents: read +permissions: {} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 5bbb6f0cb414ee..2a4e1c339df4f6 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,6 +7,8 @@ on: permissions: pull-requests: write +permissions: {} + jobs: stale: diff --git a/.github/workflows/verify-ensurepip-wheels.yml b/.github/workflows/verify-ensurepip-wheels.yml index fe27c4f09319ec..b18fc92a0499d1 100644 --- a/.github/workflows/verify-ensurepip-wheels.yml +++ b/.github/workflows/verify-ensurepip-wheels.yml @@ -13,8 +13,7 @@ on: - '.github/workflows/verify-ensurepip-wheels.yml' - 'Tools/scripts/verify_ensurepip_wheels.py' -permissions: - contents: read +permissions: {} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} diff --git a/.github/workflows/verify-expat.yml b/.github/workflows/verify-expat.yml index 472a11db2da5fb..e193dfa4603e8a 100644 --- a/.github/workflows/verify-expat.yml +++ b/.github/workflows/verify-expat.yml @@ -11,8 +11,7 @@ on: - 'Modules/expat/**' - '.github/workflows/verify-expat.yml' -permissions: - contents: read +permissions: {} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} From 6a0c16f4aae5d87af5cce295f3d36fe22a608cfd Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Sun, 5 Apr 2026 23:25:35 +0300 Subject: [PATCH 2/2] Add 'permissions: {}' to all workflows --- .github/workflows/stale.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 2a4e1c339df4f6..8949defda4d15c 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -4,15 +4,15 @@ on: schedule: - cron: "0 0 * * *" -permissions: - pull-requests: write - permissions: {} jobs: stale: - + if: github.repository_owner == 'python' runs-on: ubuntu-latest + permissions: + pull-requests: write + timeout-minutes: 10 steps: - name: "Check PRs"