Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add explicit permissions to GitHub Actions #24579

Merged
merged 1 commit into from Dec 2, 2022
Merged

Add explicit permissions to GitHub Actions #24579

merged 1 commit into from Dec 2, 2022

Conversation

QuLogic
Copy link
Member

@QuLogic QuLogic commented Dec 2, 2022

PR Summary

While everything we do is basically public, there's no reason to give the tokens on these jobs full permissions. (Note, once a single item is added, all other permissions are disabled.)

Also update the CircleCI check to the action's latest recommended jobs.

PR Checklist

Documentation and Tests

  • [n/a] Has pytest style unit tests (and pytest passes)
  • [n/a] Documentation is sphinx and numpydoc compliant (the docs should build without error).
  • [n/a] New plotting related features are documented with examples.

Release Notes

  • [n/a] New features are marked with a .. versionadded:: directive in the docstring and documented in doc/users/next_whats_new/
  • [n/a] API changes are marked with a .. versionchanged:: directive in the docstring and documented in doc/api/next_api_changes/
  • [n/a] Release notes conform with instructions in next_whats_new/README.rst or next_api_changes/README.rst

@QuLogic QuLogic added topic: testing Maintenance CI: Run cibuildwheel Run wheel building tests on a PR labels Dec 2, 2022
@QuLogic QuLogic added this to the v3.6.3 milestone Dec 2, 2022
@QuLogic
Add explicit permissions to GitHub Actions
feec9c5 
Also update the CircleCI check to the action's latest recommended jobs.
@QuLogic
Copy link
Member Author

QuLogic commented Dec 2, 2022
edited

I threw in a few bugs, and they were correctly reported, so I've removed them now. Not 100% confident on the nightly bits, as the GitHub docs are a bit vague on what the permissions do, but I think they're correct.

@tacaswell tacaswell merged commit 24f9128 into matplotlib:main Dec 2, 2022
@lumberbot-app
Copy link

lumberbot-app bot commented Dec 2, 2022

Owee, I'm MrMeeseeks, Look at me.

There seem to be a conflict, please backport manually. Here are approximate instructions:

  1. Checkout backport branch and update it.
git checkout v3.6.x
git pull
  1. Cherry pick the first parent branch of the this PR on top of the older branch:
git cherry-pick -x -m1 24f912845dd2765c86863945ed9a5fda82ed418b
  1. You will likely have some merge/cherry-pick conflict here, fix them and commit:
git commit -am 'Backport PR #24579: Add explicit permissions to GitHub Actions'
  1. Push to a named branch:
git push YOURFORK v3.6.x:auto-backport-of-pr-24579-on-v3.6.x
  1. Create a PR against branch v3.6.x, I would have named this PR:

"Backport PR #24579 on branch v3.6.x (Add explicit permissions to GitHub Actions)"

And apply the correct labels and milestones.

Congratulations — you did some good work! Hopefully your backport PR will be tested by the continuous integration and merged soon!

Remember to remove the Still Needs Manual Backport label once the PR gets merged.

If these instructions are inaccurate, feel free to suggest an improvement.

tacaswell added a commit to tacaswell/matplotlib that referenced this pull request Dec 2, 2022
@tacaswell
Backport PR matplotlib#24579: Add explicit permissions to GitHub Actions
733d967 
Merge pull request matplotlib#24579 from QuLogic/action-permissions

Add explicit permissions to GitHub Actions

(cherry picked from commit 24f9128)
@tacaswell tacaswell mentioned this pull request Dec 2, 2022
Merged
@QuLogic QuLogic deleted the action-permissions branch December 3, 2022 00:29
QuLogic added a commit that referenced this pull request Dec 3, 2022
@QuLogic
Merge pull request #24587 from tacaswell/auto-backport-of-pr-24579-on…
f902407 
…-v3.6.x

Backport PR #24579: Add explicit permissions to GitHub Actions
@QuLogic QuLogic mentioned this pull request Dec 15, 2022
Merged
1 task
@ksunden ksunden mentioned this pull request Feb 20, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ksunden ksunden ksunden approved these changes

Assignees
No one assigned
Labels
CI: Run cibuildwheel Run wheel building tests on a PR Maintenance topic: testing
Projects
None yet
Milestone
v3.6.3
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@QuLogic @ksunden @tacaswell