huggingface · ydshieh · Nov 8, 2025 · Nov 8, 2025
diff --git a/.github/workflows/check-workflow-permissions.yml b/.github/workflows/check-workflow-permissions.yml
@@ -20,4 +20,4 @@ jobs:
       contents: read
     with:
       workflow_name: ${{ inputs.workflow_name }}
-      run_count: ${{ fromJSON(inputs.run_count) }}
+      run_count: ${{ fromJSON(inputs.run_count) }}
diff --git a/.github/workflows/get-pr-info.yml b/.github/workflows/get-pr-info.yml
@@ -87,9 +87,6 @@ jobs:
       PR_FILES: ${{ steps.pr_info.outputs.files }}
     if: ${{ inputs.pr_number != '' }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Extract PR details
         id: pr_info
         uses: actions/github-script@v6

diff --git a/.github/workflows/get-pr-number.yml b/.github/workflows/get-pr-number.yml
@@ -13,9 +13,6 @@ jobs:
     outputs:
       PR_NUMBER: ${{ steps.set_pr_number.outputs.PR_NUMBER }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Get PR number
         shell: bash
         env:

diff --git a/.github/workflows/new_model_pr_merged_notification.yml b/.github/workflows/new_model_pr_merged_notification.yml
@@ -13,9 +13,6 @@ jobs:
     name: Notify new model
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0

diff --git a/.github/workflows/pr_build_doc_with_comment.yml b/.github/workflows/pr_build_doc_with_comment.yml
@@ -35,9 +35,6 @@ jobs:
       PR_MERGE_COMMIT_DATE: ${{ needs.get-pr-info.outputs.PR_MERGE_COMMIT_DATE }}
       PR_MERGE_COMMIT_TIMESTAMP: ${{ needs.get-pr-info.outputs.PR_MERGE_COMMIT_TIMESTAMP }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - run: |
           COMMENT_TIMESTAMP=$(date -d "${COMMENT_DATE}" +"%s")
           echo "COMMENT_DATE: $COMMENT_DATE"
@@ -57,9 +54,6 @@ jobs:
       statuses: write
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Create Run
         id: create_run
         env:
@@ -83,9 +77,6 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Reply to the comment
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -121,9 +112,6 @@ jobs:
       GITHUB_RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
       STATUS_OK: ${{ contains(fromJSON('["skipped", "success"]'), needs.create_run.result) }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Get `build-doc` job status
         run: |
           echo "${{ needs.build-doc.result }}"

diff --git a/.github/workflows/pr_slow_ci_suggestion.yml b/.github/workflows/pr_slow_ci_suggestion.yml
@@ -23,10 +23,6 @@ jobs:
     outputs:
       jobs: ${{ steps.get_jobs.outputs.jobs_to_run }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       # This checkout to the main branch
       - uses: actions/checkout@v4
         with:
@@ -93,10 +89,6 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Check and update comment if needed
         uses: actions/github-script@v7
         env:

diff --git a/.github/workflows/push-important-models.yml b/.github/workflows/push-important-models.yml
@@ -11,10 +11,6 @@ jobs:
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Check out code
         uses: actions/checkout@v4
 

diff --git a/.github/workflows/release-conda.yml b/.github/workflows/release-conda.yml
@@ -18,10 +18,6 @@ jobs:
         shell: bash -l {0}
 
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Checkout repository
         uses: actions/checkout@v4
 

diff --git a/.github/workflows/self-comment-ci.yml b/.github/workflows/self-comment-ci.yml
@@ -46,10 +46,6 @@ jobs:
       PR_HEAD_SHA: ${{ needs.get-pr-info.outputs.PR_HEAD_SHA }}
       PR_MERGE_SHA: ${{ needs.get-pr-info.outputs.PR_MERGE_COMMIT_SHA }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Verify `merge_commit` timestamp is older than the issue comment timestamp
         env:
           COMMENT_DATE: ${{ github.event.comment.created_at }}
@@ -71,10 +67,6 @@ jobs:
       models: ${{ steps.models_to_run.outputs.models }}
       quantizations: ${{ steps.models_to_run.outputs.quantizations }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - uses: actions/checkout@v4
         with:
           fetch-depth: "0"
@@ -117,10 +109,6 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Reply to the comment
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -143,10 +131,6 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Reply to the comment
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -168,10 +152,6 @@ jobs:
       statuses: write
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Create Run
         id: create_run
         env:
@@ -230,10 +210,6 @@ jobs:
     if: ${{ always() && needs.create_run.result == 'success' }}
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Show reports from jobs
         env:
           MODEL_REPORT: ${{ needs.model-ci.outputs.report }}

diff --git a/.github/workflows/self-nightly-caller.yml b/.github/workflows/self-nightly-caller.yml
@@ -30,10 +30,6 @@ jobs:
     name: Setup
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Setup
         run: |
           mkdir "setup_values"

diff --git a/.github/workflows/self-nightly-past-ci-caller.yml b/.github/workflows/self-nightly-past-ci-caller.yml
@@ -14,9 +14,6 @@ jobs:
     outputs:
       run_number: ${{ steps.get_number.outputs.run_number }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Get number
         id: get_number
         run: |

diff --git a/.github/workflows/self-scheduled-amd-caller.yml b/.github/workflows/self-scheduled-amd-caller.yml
@@ -10,9 +10,5 @@ jobs:
     runs-on: ubuntu-22.04
     if: ${{ always() }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Trigger scheduled AMD CI via workflow_run
         run: echo "Trigger scheduled AMD CI via workflow_run"
diff --git a/.github/workflows/self-scheduled-caller.yml b/.github/workflows/self-scheduled-caller.yml
@@ -32,9 +32,6 @@ jobs:
     name: Setup
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Setup
         env:
           prev_workflow_run_id: ${{ inputs.prev_workflow_run_id || env.prev_workflow_run_id }}

diff --git a/.github/workflows/self-scheduled-flash-attn-caller.yml b/.github/workflows/self-scheduled-flash-attn-caller.yml
@@ -32,10 +32,6 @@ jobs:
     name: Setup
     runs-on: ubuntu-22.04
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Setup
         run: |
           mkdir "setup_values"

diff --git a/.github/workflows/self-scheduled-intel-gaudi.yml b/.github/workflows/self-scheduled-intel-gaudi.yml
@@ -38,10 +38,6 @@ jobs:
       folder_slices: ${{ steps.set-matrix.outputs.folder_slices }}
       quantization_matrix: ${{ steps.set-matrix.outputs.quantization_matrix }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -126,10 +122,6 @@ jobs:
         --cap-add=sys_nice
         --shm-size=64G
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -199,10 +191,6 @@ jobs:
         --cap-add=sys_nice
         --shm-size=64G
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -275,10 +263,6 @@ jobs:
         --cap-add=sys_nice
         --shm-size=64G
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Checkout
         uses: actions/checkout@v4
         with:

diff --git a/.github/workflows/self-scheduled.yml b/.github/workflows/self-scheduled.yml
@@ -78,9 +78,6 @@ jobs:
       slice_ids: ${{ steps.set-matrix.outputs.slice_ids }}
       quantization_matrix: ${{ steps.set-matrix-quantization.outputs.quantization_matrix }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Update clone
         working-directory: /transformers
         env:
@@ -187,9 +184,6 @@ jobs:
       image: huggingface/transformers-all-latest-gpu
       options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Update clone
         working-directory: /transformers
         env:
@@ -262,9 +256,6 @@ jobs:
       image: huggingface/transformers-all-latest-gpu
       options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Update clone
         working-directory: /transformers
         env:
@@ -338,9 +329,6 @@ jobs:
       image: ${{ inputs.docker }}
       options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Update clone
         working-directory: ${{ inputs.working-directory-prefix }}/transformers
         env:
@@ -446,9 +434,6 @@ jobs:
       image: huggingface/transformers-quantization-latest-gpu
       options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Echo folder ${{ matrix.folders }}
         shell: bash
         env:
@@ -533,9 +518,6 @@ jobs:
       image: ${{ inputs.docker }}
       options: --gpus all --shm-size "16gb" --ipc host -v /mnt/cache/.cache/huggingface:/mnt/cache/
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Update clone
         working-directory: /transformers
         env:
@@ -606,9 +588,6 @@ jobs:
     steps:
       # Checkout in order to run `utils/extract_warnings.py`. Avoid **explicit** checkout (i.e. don't specify `ref`) for
       # security reason.
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - name: Checkout transformers
         uses: actions/checkout@v4
 

diff --git a/.github/workflows/slack-report.yml b/.github/workflows/slack-report.yml
@@ -38,10 +38,6 @@ jobs:
     runs-on: ubuntu-22.04
     if: always() && !cancelled()
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Preliminary job status
         shell: bash
         # For the meaning of these environment variables, see the job `Setup`

diff --git a/.github/workflows/ssh-runner.yml b/.github/workflows/ssh-runner.yml
@@ -30,10 +30,6 @@ jobs:
     outputs:
       RUNNER: ${{ steps.set_runner.outputs.RUNNER }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Get runner to use
         shell: bash
         env:
@@ -62,10 +58,6 @@ jobs:
     container:
       image: ${{ github.event.inputs.docker_image }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
-
       - name: Update clone
         working-directory: /transformers
         env: