Default GHA permissions to contents: read (#148346)

Hugo van Kemenade
2026-04-11 18:37:12 +03:00
committed by GitHub
parent d7c9f1877c
commit 9c9df8ac8c
23 changed files with 47 additions and 23 deletions
+2 -1
@@ -12,7 +12,8 @@ on:
# Only ever run once
- opened
permissions: {}
permissions:
contents: read
jobs:
add-header:
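Review bot: Every job in this file without its own `permissions:` block now inherits a `contents: read` token at the top-level `permissions:` key, because (per the commit title) the default moves away from `permissions: {}`; jobs that never check out the repository gain a scope they do not need. The tighter least-privilege layout keeps `permissions: {}` at workflow level and puts `permissions:` / `contents: read` only on the jobs that need a checkout. If the broader default is intended, a comment above the key such as `# Read-only default; jobs needing more must declare their own permissions block` would record the decision. The trigger and the body of `add-header` are outside this hunk, so whether that job reads the repository cannot be confirmed here; the same point applies to the other workflow-level `permissions:` hunks on this page.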
+3 -1
@@ -11,7 +11,8 @@ on:
- 'main'
- '3.*'
permissions: {}
permissions:
contents: read
concurrency:
# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#concurrency
@@ -612,6 +613,7 @@ jobs:
needs.build-context.outputs.run-ci-fuzz == 'true'
|| needs.build-context.outputs.run-ci-fuzz-stdlib == 'true'
permissions:
contents: read
security-events: write
strategy:
fail-fast: false
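Review bot: The job-level `permissions:` block in the second hunk (`@@ -612,6 +613,7 @@`) carries no comment explaining why both scopes are listed. A job-level block replaces the workflow default rather than merging with it, so `contents: read` has to be repeated next to `security-events: write` or the job would hold only the latter. A comment such as `# Job-level permissions replace the workflow default, so contents: read is repeated here` would keep a later cleanup from dropping it. Other jobs in this file with their own `permissions:` block are unaffected by the new default and are worth re-checking for the same omission. The job's name and steps are outside the hunk, and the rendered page no longer shows which of the two scope lines is the added one.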
+2 -1
@@ -15,7 +15,8 @@ on:
paths: *paths
workflow_dispatch:
permissions: {}
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+2 -1
@@ -2,7 +2,8 @@ name: Lint
on: [push, pull_request, workflow_dispatch]
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
+2 -1
@@ -33,7 +33,8 @@ on:
- "Tools/requirements-dev.txt"
workflow_dispatch:
permissions: {}
permissions:
contents: read
env:
PIP_DISABLE_PIP_VERSION_CHECK: 1
@@ -5,7 +5,8 @@ on:
types:
- opened
permissions: {}
permissions:
contents: read
jobs:
notify-new-bugs-announce:
+2 -1
@@ -4,7 +4,8 @@ on:
pull_request:
types: [opened, reopened, labeled, unlabeled, synchronize]
permissions: {}
permissions:
contents: read
jobs:
label-dnm:
@@ -3,7 +3,8 @@ name: Reusable C API Docs Check
on:
workflow_call:
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
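Review bot: The callers of this `workflow_call` workflow are not visible here, and a called workflow cannot be granted more than the calling job's token holds. Now that the workflow asks for `contents: read` at the top-level `permissions:` key, a calling job that declares its own `permissions:` block without that scope would be expected to be rejected when the run starts. Each `uses:` reference to this workflow should be checked for a job-level block that omits `contents: read`, and a comment here such as `# Callers must grant at least contents: read` would document the requirement. The same applies to the other `workflow_call` sections on this page (`Reusable check HTML IDs`, `Reusable Emscripten`, `Reusable WASI`, and the sections whose `on:` block declares inputs).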
@@ -3,7 +3,8 @@ name: Reusable check HTML IDs
on:
workflow_call:
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
+2 -1
@@ -13,7 +13,8 @@ on:
required: true
type: string
permissions: {}
permissions:
contents: read
jobs:
cifuzz:
+2 -1
@@ -54,7 +54,8 @@ on: # yamllint disable-line rule:truthy
description: Whether to run the Windows tests
value: ${{ jobs.compute-changes.outputs.run-windows-tests }} # bool
permissions: {}
permissions:
contents: read
jobs:
compute-changes:
+2 -1
@@ -4,7 +4,8 @@ on:
workflow_call:
workflow_dispatch:
permissions: {}
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+2 -1
@@ -3,7 +3,8 @@ name: Reusable Emscripten
on:
workflow_call:
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
+2 -1
@@ -12,7 +12,8 @@ on:
required: true
type: string
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
+2 -1
@@ -12,7 +12,8 @@ on:
type: boolean
default: false
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
+2 -1
@@ -23,7 +23,8 @@ on:
type: string
default: ''
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
+2 -1
@@ -3,7 +3,8 @@ name: Reusable WASI
on:
workflow_call:
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
+2 -1
@@ -8,7 +8,8 @@ on:
required: true
type: string
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
+2 -1
@@ -17,7 +17,8 @@ on:
required: true
type: string
permissions: {}
permissions:
contents: read
env:
FORCE_COLOR: 1
+2 -1
@@ -4,7 +4,8 @@ on:
schedule:
- cron: "0 */6 * * *"
permissions: {}
permissions:
contents: read
jobs:
stale:
+2 -1
@@ -11,7 +11,8 @@ on:
paths: *paths
workflow_dispatch:
permissions: {}
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -13,7 +13,8 @@ on:
- '.github/workflows/verify-ensurepip-wheels.yml'
- 'Tools/build/verify_ensurepip_wheels.py'
permissions: {}
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+2 -1
@@ -11,7 +11,8 @@ on:
- 'Modules/expat/**'
- '.github/workflows/verify-expat.yml'
permissions: {}
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}