diff --git a/.github/workflows/CheckCompatBounds.yml b/.github/workflows/CheckCompatBounds.yml index 87c7428..2fb4b15 100644 --- a/.github/workflows/CheckCompatBounds.yml +++ b/.github/workflows/CheckCompatBounds.yml @@ -1,6 +1,8 @@ name: "Check Compat Bounds" on: pull_request: ~ +permissions: + contents: "read" jobs: check-compat-bounds: name: "Check Compat Bounds" diff --git a/.github/workflows/Documentation.yml b/.github/workflows/Documentation.yml index 7442953..9bfa4ec 100644 --- a/.github/workflows/Documentation.yml +++ b/.github/workflows/Documentation.yml @@ -10,6 +10,8 @@ on: concurrency: group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: "${{ github.ref_name != github.event.repository.default_branch || github.ref != 'refs/tags/v*' }}" +permissions: + contents: "write" jobs: build-and-deploy-docs: name: "Documentation" diff --git a/.github/workflows/FormatCheck.yml b/.github/workflows/FormatCheck.yml index 7bbbfee..30828d6 100644 --- a/.github/workflows/FormatCheck.yml +++ b/.github/workflows/FormatCheck.yml @@ -6,6 +6,8 @@ on: - "synchronize" - "reopened" - "ready_for_review" +permissions: + contents: "read" jobs: format-check: name: "Format Check" diff --git a/.github/workflows/FormatCheckComment.yml b/.github/workflows/FormatCheckComment.yml index b4b78b2..2fa82ad 100644 --- a/.github/workflows/FormatCheckComment.yml +++ b/.github/workflows/FormatCheckComment.yml @@ -5,12 +5,12 @@ on: - "Format Check" types: - "completed" +permissions: + pull-requests: "write" + actions: "read" jobs: comment: name: "Format Check Comment" if: "github.event.workflow_run.event == 'pull_request'" - permissions: - pull-requests: "write" - actions: "read" uses: "ITensor/ITensorActions/.github/workflows/FormatCheckComment.yml@v1" secrets: "inherit" diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml index 3e6635e..25d3a0d 100644 --- a/.github/workflows/IntegrationTest.yml +++ b/.github/workflows/IntegrationTest.yml 
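Review bot: In `.github/workflows/Documentation.yml` the new `contents: "write"` is granted at workflow level, so every job in the file gets a write-capable `GITHUB_TOKEN`, including steps that only build the docs and run the package's code. The triggers are outside the hunk; if this workflow also runs for pull requests opened from branches of the same repository, that code runs with write access to contents. A read-only default with the write grant on the deploying job is narrower: top-level `contents: "read"`, and `permissions:` / `contents: "write"` under `build-and-deploy-docs`. With a single job the effect today is the same, but any job added later would no longer inherit write access. The same applies to the `contents: "write"` added to `TagBot.yml` and to both `template/` copies.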
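Review bot: In `.github/workflows/FormatCheckComment.yml`, moving `pull-requests: "write"` and `actions: "read"` from the `comment` job to the workflow level widens the grant from that one job to every job this file may later contain. This workflow runs on `workflow_run`, so it executes with the base repository's token after a run that a pull request triggered, which is where tight scoping matters most. The job-level block was already the narrowest form; keeping it and adding a deny-by-default `permissions: {}` at the top would still declare permissions explicitly without loosening them. The grant is passed to a reusable workflow referenced by the mutable tag `@v1` together with `secrets: "inherit"` (context lines, not changed here), so pinning that reference to a full commit SHA would be the matching hardening. The `template/.github/workflows/FormatCheckComment.yml.template` hunk makes the same move.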
@@ -11,6 +11,9 @@ on: - "reopened" - "ready_for_review" - "converted_to_draft" +permissions: + actions: "read" + contents: "read" jobs: integration-test: name: "IntegrationTest" diff --git a/.github/workflows/TagBot.yml b/.github/workflows/TagBot.yml index d4da40e..007110a 100644 --- a/.github/workflows/TagBot.yml +++ b/.github/workflows/TagBot.yml @@ -6,6 +6,9 @@ on: workflow_dispatch: ~ env: REGISTRY_TAGBOT_ACTION: "JuliaRegistries/TagBot" +permissions: + contents: "write" + issues: "read" jobs: TagBot: if: "github.event_name == 'workflow_dispatch' || github.actor == 'JuliaTagBot'" diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 244ca0e..6e1dce9 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -19,6 +19,8 @@ on: concurrency: group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}" +permissions: + contents: "read" jobs: tests: name: "Tests" diff --git a/.github/workflows/VersionCheck.yml b/.github/workflows/VersionCheck.yml index 102898e..7008f48 100644 --- a/.github/workflows/VersionCheck.yml +++ b/.github/workflows/VersionCheck.yml @@ -1,6 +1,9 @@ name: "Version Check" on: pull_request: ~ +permissions: + contents: "read" + pull-requests: "read" jobs: version-check: name: "Version Check" diff --git a/Project.toml b/Project.toml index 2758299..fb94872 100644 --- a/Project.toml +++ b/Project.toml @@ -1,6 +1,6 @@ name = "ITensorPkgSkeleton" uuid = "3d388ab1-018a-49f4-ae50-18094d5f71ea" -version = "0.3.57" +version = "0.3.58" authors = ["ITensor developers and contributors"] [workspace] diff --git a/template/.github/workflows/CheckCompatBounds.yml.template b/template/.github/workflows/CheckCompatBounds.yml.template index 87c7428..2fb4b15 100644 --- a/template/.github/workflows/CheckCompatBounds.yml.template +++ b/template/.github/workflows/CheckCompatBounds.yml.template 
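Review bot: In `.github/workflows/TagBot.yml`, once a `permissions:` block is present every scope not listed drops to no access, so the `TagBot` job now runs with only `contents: "write"` and `issues: "read"`. The job's steps are outside the hunk, but if TagBot builds its changelog from merged pull requests it may also need `pull-requests: "read"`, and a missing scope would surface as a permission error at release time rather than in PR checks. Running the workflow once through `workflow_dispatch` after this change would confirm the set is sufficient. A short comment above the grant, for example `# contents: write is required to create the tag and release`, would record why this workflow is an exception to the read-only default used elsewhere in the commit. The same block is added to `template/.github/workflows/TagBot.yml.template`.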
@@ -1,6 +1,8 @@ name: "Check Compat Bounds" on: pull_request: ~ +permissions: + contents: "read" jobs: check-compat-bounds: name: "Check Compat Bounds" diff --git a/template/.github/workflows/Documentation.yml.template b/template/.github/workflows/Documentation.yml.template index 7442953..9bfa4ec 100644 --- a/template/.github/workflows/Documentation.yml.template +++ b/template/.github/workflows/Documentation.yml.template @@ -10,6 +10,8 @@ on: concurrency: group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: "${{ github.ref_name != github.event.repository.default_branch || github.ref != 'refs/tags/v*' }}" +permissions: + contents: "write" jobs: build-and-deploy-docs: name: "Documentation" diff --git a/template/.github/workflows/FormatCheck.yml.template b/template/.github/workflows/FormatCheck.yml.template index 7bbbfee..30828d6 100644 --- a/template/.github/workflows/FormatCheck.yml.template +++ b/template/.github/workflows/FormatCheck.yml.template @@ -6,6 +6,8 @@ on: - "synchronize" - "reopened" - "ready_for_review" +permissions: + contents: "read" jobs: format-check: name: "Format Check" diff --git a/template/.github/workflows/FormatCheckComment.yml.template b/template/.github/workflows/FormatCheckComment.yml.template index b4b78b2..2fa82ad 100644 --- a/template/.github/workflows/FormatCheckComment.yml.template +++ b/template/.github/workflows/FormatCheckComment.yml.template @@ -5,12 +5,12 @@ on: - "Format Check" types: - "completed" +permissions: + pull-requests: "write" + actions: "read" jobs: comment: name: "Format Check Comment" if: "github.event.workflow_run.event == 'pull_request'" - permissions: - pull-requests: "write" - actions: "read" uses: "ITensor/ITensorActions/.github/workflows/FormatCheckComment.yml@v1" secrets: "inherit" diff --git a/template/.github/workflows/IntegrationTest.yml.template b/template/.github/workflows/IntegrationTest.yml.template index 6cd569e..c9888c9 100644 
--- a/template/.github/workflows/IntegrationTest.yml.template +++ b/template/.github/workflows/IntegrationTest.yml.template @@ -11,6 +11,9 @@ on: - "reopened" - "ready_for_review" - "converted_to_draft" +permissions: + actions: "read" + contents: "read" jobs: integration-test: name: "IntegrationTest" diff --git a/template/.github/workflows/TagBot.yml.template b/template/.github/workflows/TagBot.yml.template index d4da40e..007110a 100644 --- a/template/.github/workflows/TagBot.yml.template +++ b/template/.github/workflows/TagBot.yml.template @@ -6,6 +6,9 @@ on: workflow_dispatch: ~ env: REGISTRY_TAGBOT_ACTION: "JuliaRegistries/TagBot" +permissions: + contents: "write" + issues: "read" jobs: TagBot: if: "github.event_name == 'workflow_dispatch' || github.actor == 'JuliaTagBot'" diff --git a/template/.github/workflows/Tests.yml.template b/template/.github/workflows/Tests.yml.template index 244ca0e..6e1dce9 100644 --- a/template/.github/workflows/Tests.yml.template +++ b/template/.github/workflows/Tests.yml.template @@ -19,6 +19,8 @@ on: concurrency: group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}" +permissions: + contents: "read" jobs: tests: name: "Tests" diff --git a/template/.github/workflows/VersionCheck.yml.template b/template/.github/workflows/VersionCheck.yml.template index 102898e..7008f48 100644 --- a/template/.github/workflows/VersionCheck.yml.template +++ b/template/.github/workflows/VersionCheck.yml.template @@ -1,6 +1,9 @@ name: "Version Check" on: pull_request: ~ +permissions: + contents: "read" + pull-requests: "read" jobs: version-check: name: "Version Check"