[llvm] workflows: Remove top-level permissions from release-tasks.yml (PR #91088)
via llvm-commits
llvm-commits at lists.llvm.org
Sat May 4 14:32:10 PDT 2024
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-github-workflow
Author: Tom Stellard (tstellar)
<details>
<summary>Changes</summary>
This is the recommend best practice and we also don't need write access for all jobs.
---
Full diff: https://github.com/llvm/llvm-project/pull/91088.diff
1 Files Affected:
- (modified) .github/workflows/release-tasks.yml (+7-1)
``````````diff
diff --git a/.github/workflows/release-tasks.yml b/.github/workflows/release-tasks.yml
index 53da8662b0203a..29049ff0142887 100644
--- a/.github/workflows/release-tasks.yml
+++ b/.github/workflows/release-tasks.yml
@@ -1,7 +1,7 @@
name: Release Task
permissions:
- contents: write
+ contents: read
on:
push:
@@ -27,6 +27,8 @@ jobs:
release-create:
name: Create a New Release
runs-on: ubuntu-latest
+ permissions:
+ contents: write # For creating the release.
needs: validate-tag
steps:
@@ -55,6 +57,8 @@ jobs:
release-doxygen:
name: Build and Upload Release Doxygen
+ permissions:
+ contents: write
needs:
- validate-tag
- release-create
@@ -72,6 +76,8 @@ jobs:
release-binaries:
name: Build Release Binaries
+ permissions:
+ contents: write
needs:
- validate-tag
- release-create
``````````
</details>
https://github.com/llvm/llvm-project/pull/91088
More information about the llvm-commits
mailing list