Skip to content

Commit

Permalink
[CI] Configure workflow permissions (#5648)
Browse files Browse the repository at this point in the history
# Description
<!-- Please include a summary of the changes and the related issue.
Please also include relevant motivation and context. List any
dependencies that are required for this change. -->

Closes #<issue_number>

**Type of change**
<!-- Please delete options that are not relevant. Remember to title the
PR according to the type of change -->

- Bug fix (non-breaking change which fixes an issue)
- New feature (non-breaking change which adds functionality)
- Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- Refactor (change restructuring the codebase without changing
functionality)
- Improvement (change adding some improvement to an existing
functionality)
- Documentation update

**How Has This Been Tested**
<!-- Please add some reference about how your feature has been tested.
-->

**Checklist**
<!-- Please go over the list and make sure you've taken everything into
account -->

- I added relevant documentation
- I followed the style guidelines of this project
- I did a self-review of my code
- I made corresponding changes to the documentation
- I confirm My changes generate no new warnings
- I have added tests that prove my fix is effective or that my feature
works
- I have added relevant notes to the CHANGELOG.md file (See
https://keepachangelog.com/)
  • Loading branch information
frascuchon committed Oct 30, 2024
1 parent f8fa6eb commit 7278d1e
Show file tree
Hide file tree
Showing 6 changed files with 22 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -62,8 +62,8 @@ jobs:

- name: Build Frontend
run: |
npm install
npm run build
npm install
npm run build
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
Expand Down Expand Up @@ -91,7 +91,7 @@ jobs:
# Authenticate in GCP using Workload Identity Federation, so we can push the Docker image to the Google Cloud Artifact Registry
- name: Authenticate to Google Cloud
id: google-auth
uses: 'google-github-actions/auth@v1'
uses: "google-github-actions/auth@v1"
with:
token_format: access_token
workload_identity_provider: ${{ secrets.GOOGLE_CLOUD_WIP }}
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/argilla-frontend.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@ on:
paths:
- "argilla-frontend/**"

permissions:
contents: read
id-token: write
pull-requests: write

jobs:
build:
name: Build argilla-frontend
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/argilla-server.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ on:
paths:
- "argilla-server/**"

permissions:
id-token: write

jobs:
build:
name: Build `argilla-server` package
Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/argilla.docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,10 @@ defaults:
run:
working-directory: argilla

permissions:
contents: write
pull-requests: write

jobs:
publish:
runs-on: ubuntu-latest
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/argilla.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ on:
paths:
- "argilla/**"

permissions:
id-token: write

jobs:
build:
services:
Expand Down Expand Up @@ -85,8 +88,6 @@ jobs:
# contents: read
# IMPORTANT: this permission is mandatory for trusted publishing on PyPI
id-token: write
# This permission is needed for creating tags
contents: write

needs:
- build
Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/close-inactive-issues-bot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ on:
schedule:
- cron: "30 1 * * *"

permissions:
issues: write
pull-requests: write

jobs:
close-issues:
runs-on: ubuntu-latest
Expand Down

0 comments on commit 7278d1e

Please sign in to comment.