[CI] Configure workflow permissions #5648

Merged
merged 15 commits into from
Oct 29, 2024
Changes from 13 commits
Expand Up @@ -48,7 +48,7 @@ jobs:
# Grant permissions to `GITHUB_TOKEN` for Google Cloud Workload Identity Provider
permissions:
contents: read
# id-token: write
id-token: write

outputs:
version: ${{ steps.docker-image-tag-from-ref.outputs.docker-image-tag }}
Expand All @@ -62,8 +62,8 @@ jobs:

- name: Build Frontend
run: |
npm install
npm run build
npm install
npm run build

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
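Review bot: `npm install` in the Build Frontend step can resolve dependency versions that differ from the committed lockfile, and this workflow now runs with `id-token: write` enabled, so package install scripts execute in a context that can request an OIDC token. If a `package-lock.json` is committed, use `npm ci` so the build installs exactly the locked versions. The re-indentation of these two lines is unrelated to the permissions change and would be easier to review in its own commit.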
Expand Down Expand Up @@ -91,7 +91,7 @@ jobs:
# Authenticate in GCP using Workload Identity Federation, so we can push the Docker image to the Google Cloud Artifact Registry
- name: Authenticate to Google Cloud
id: google-auth
uses: 'google-github-actions/auth@v1'
uses: "google-github-actions/auth@v1"
with:
token_format: access_token
workload_identity_provider: ${{ secrets.GOOGLE_CLOUD_WIP }}
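Review bot: `google-github-actions/auth@v1` on the `uses:` line is a mutable tag, and this step exchanges the job's OIDC token for a Google Cloud access token (`token_format: access_token`). Pin the action to a full commit SHA, with the version in a trailing comment, so a retagged release cannot change what runs with that credential. The quote-style change itself is fine.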
4 changes: 2 additions & 2 deletions .github/workflows/argilla-frontend.deploy-environment.yml
Expand Up @@ -28,8 +28,8 @@ jobs:
# Grant permissions to `GITHUB_TOKEN` for Google Cloud Workload Identity Provider
permissions:
contents: read
id-token: write
# pull-requests: write
id-token: write
pull-requests: write

steps:
- uses: actions/checkout@v4
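Review bot: the comment above `permissions:` still describes only the Google Cloud Workload Identity Provider, but the block now also enables `pull-requests: write`. Add a line saying which step needs to write to pull requests, or leave the scope disabled if no step does, so the next reader can tell whether the grant is still required.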
5 changes: 5 additions & 0 deletions .github/workflows/argilla-frontend.yml
Expand Up @@ -11,6 +11,11 @@ on:
paths:
- "argilla-frontend/**"

permissions:
contents: read
id-token: write
pull-requests: write

jobs:
build:
name: Build argilla-frontend
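Review bot: the new top-level `permissions:` block applies to every job in this workflow, so `build` and any other job receives `id-token: write` and `pull-requests: write` whether or not it uses them. Keep `contents: read` at the top level and move the two write scopes into a job-level `permissions:` on the jobs that need them.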
3 changes: 3 additions & 0 deletions .github/workflows/argilla-server.yml
Expand Up @@ -17,6 +17,9 @@ on:
paths:
- "argilla-server/**"

permissions:
id-token: write

jobs:
build:
name: Build `argilla-server` package
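Review bot: with only `id-token: write` listed in the new block, every other scope, including `contents`, is set to `none` for all jobs in this workflow. The frontend workflows in this PR state `contents: read` explicitly; add it here as well so a checkout step does not depend on the repository being public, and move `id-token: write` down to the job that actually requests the OIDC token.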
4 changes: 4 additions & 0 deletions .github/workflows/argilla.docs.yml
Expand Up @@ -19,6 +19,10 @@ defaults:
run:
working-directory: argilla

permissions:
contents: write
pull-requests: write

jobs:
publish:
runs-on: ubuntu-latest
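Review bot: `contents: write` in the new workflow-level block gives every job, not only `publish`, a token that can push to the repository, and nothing in the hunk says what needs it. Move the block under `publish:` and add a one-line comment naming the step that writes to the repository and the one that writes to pull requests.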
5 changes: 3 additions & 2 deletions .github/workflows/argilla.yml
Expand Up @@ -17,6 +17,9 @@ on:
paths:
- "argilla/**"

permissions:
id-token: write

jobs:
build:
services:
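Review bot: this workflow-level `id-token: write` also reaches `build`, while the job further down in this file already declares its own `id-token: write` for trusted publishing on PyPI. If `build` does not request an OIDC token, replace this block with `contents: read` and leave token minting to the job-level block.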
Expand Down Expand Up @@ -85,8 +88,6 @@ jobs:
# contents: read
# IMPORTANT: this permission is mandatory for trusted publishing on PyPI
id-token: write
# This permission is needed for creating tags
contents: write
Comment on lines -88 to -89

Member Author

We're not creating tags automatically. We can remove these lines.

needs:
- build
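Review bot: after `contents: write` is dropped, the job's `permissions:` block is left with `# contents: read` still commented out, so the job gets no `contents` access at all. If that is intended, delete the stale commented line; if the job checks out the repository, uncomment it so the scope is explicit.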
4 changes: 4 additions & 0 deletions .github/workflows/close-inactive-issues-bot.yml
Expand Up @@ -3,6 +3,10 @@ on:
schedule:
- cron: "30 1 * * *"

permissions:
issues: write
pull-requests: write

jobs:
close-issues:
runs-on: ubuntu-latest
1 change: 1 addition & 0 deletions argilla-frontend/nuxt.config.ts
Expand Up @@ -14,6 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Include comment to force buils
frascuchon marked this conversation as resolved.

import Mode from "frontmatter-markdown-loader/mode";
import { NuxtConfig } from "@nuxt/types";
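Review bot: the added line `// Include comment to force buils` has a typo ("buils") and exists only to touch a file under `argilla-frontend/**` so the path-filtered workflow runs. Remove it before merge; a `workflow_dispatch` trigger on the workflow is a cleaner way to run the build on demand without editing source files.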