From: Ezio Melotti Date: Sun, 5 Apr 2026 10:04:33 +0000 (+0800) Subject: [3.13] Add `permissions: {}` to all reusable workflows (#148114) (#148116) X-Git-Tag: v3.13.13~14 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ce0c2c9fab28ed00d6e55a282aa89999db2b1448;p=thirdparty%2FPython%2Fcpython.git [3.13] Add `permissions: {}` to all reusable workflows (#148114) (#148116) Add `permissions: {}` to all reusable workflows (#148114) Add permissions: {} to all reusable workflows (cherry picked from commit 1f36a510a2a16e8ff15572f44090c7db43bb7935) --- diff --git a/.github/workflows/reusable-cifuzz.yml b/.github/workflows/reusable-cifuzz.yml index ecb5000ee6bb..f06b193d3715 100644 --- a/.github/workflows/reusable-cifuzz.yml +++ b/.github/workflows/reusable-cifuzz.yml @@ -13,6 +13,8 @@ on: required: true type: string +permissions: {} + jobs: cifuzz: name: ${{ inputs.oss-fuzz-project-name }} (${{ inputs.sanitizer }}) diff --git a/.github/workflows/reusable-context.yml b/.github/workflows/reusable-context.yml index 79638845bb99..6416115b1de0 100644 --- a/.github/workflows/reusable-context.yml +++ b/.github/workflows/reusable-context.yml @@ -48,6 +48,8 @@ on: # yamllint disable-line rule:truthy description: Whether to run the Windows tests value: ${{ jobs.compute-changes.outputs.run-windows-tests }} # bool +permissions: {} + jobs: compute-changes: name: Create context from changed files diff --git a/.github/workflows/reusable-docs.yml b/.github/workflows/reusable-docs.yml index bee44e8df276..e1c35021432a 100644 --- a/.github/workflows/reusable-docs.yml +++ b/.github/workflows/reusable-docs.yml @@ -4,8 +4,7 @@ on: workflow_call: workflow_dispatch: -permissions: - contents: read +permissions: {} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} diff --git a/.github/workflows/reusable-macos.yml b/.github/workflows/reusable-macos.yml index eb5d2e19bd4b..dbc6fd3774a5 100644 --- a/.github/workflows/reusable-macos.yml +++ b/.github/workflows/reusable-macos.yml @@ -12,6 +12,8 @@ on: required: true type: string +permissions: {} + env: FORCE_COLOR: 1 diff --git a/.github/workflows/reusable-san.yml b/.github/workflows/reusable-san.yml index 752f27cbe55c..f5e7f48b860b 100644 --- a/.github/workflows/reusable-san.yml +++ b/.github/workflows/reusable-san.yml @@ -12,6 +12,8 @@ on: type: boolean default: false +permissions: {} + env: FORCE_COLOR: 1 diff --git a/.github/workflows/reusable-ubuntu.yml b/.github/workflows/reusable-ubuntu.yml index 6335102d8552..3f1abce25c96 100644 --- a/.github/workflows/reusable-ubuntu.yml +++ b/.github/workflows/reusable-ubuntu.yml @@ -9,6 +9,8 @@ on: type: boolean default: false +permissions: {} + env: FORCE_COLOR: 1 diff --git a/.github/workflows/reusable-wasi.yml b/.github/workflows/reusable-wasi.yml index 5895c01f7ac3..e9c032f93bbf 100644 --- a/.github/workflows/reusable-wasi.yml +++ b/.github/workflows/reusable-wasi.yml @@ -3,6 +3,8 @@ name: Reusable WASI on: workflow_call: +permissions: {} + env: FORCE_COLOR: 1 diff --git a/.github/workflows/reusable-windows-msi.yml b/.github/workflows/reusable-windows-msi.yml index e690224f3553..e836944f465b 100644 --- a/.github/workflows/reusable-windows-msi.yml +++ b/.github/workflows/reusable-windows-msi.yml @@ -8,8 +8,7 @@ on: required: true type: string -permissions: - contents: read +permissions: {} env: FORCE_COLOR: 1 diff --git a/.github/workflows/reusable-windows.yml b/.github/workflows/reusable-windows.yml index 8bed897bd3de..41ba50d8665d 100644 --- a/.github/workflows/reusable-windows.yml +++ b/.github/workflows/reusable-windows.yml @@ -17,6 +17,8 @@ on: type: boolean default: false +permissions: {} + env: FORCE_COLOR: 1 IncludeUwp: >-