diff --git a/.github/workflows/cache_cleanup.yml b/.github/workflows/cache_cleanup.yml
index f1e0b06542161..e021c8b73c4de 100644
--- a/.github/workflows/cache_cleanup.yml
+++ b/.github/workflows/cache_cleanup.yml
@@ -14,6 +14,9 @@ jobs:
 actions: write
 contents: read
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 - name: Check out code
 uses: actions/checkout@v5
diff --git a/.github/workflows/colcon.yml b/.github/workflows/colcon.yml
index 052726313c003..86889457ba1ac 100644
--- a/.github/workflows/colcon.yml
+++ b/.github/workflows/colcon.yml
@@ -144,6 +144,9 @@ jobs:
 strategy:
 fail-fast: false # don't cancel if a job from the matrix fails
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/esp32_build.yml b/.github/workflows/esp32_build.yml
index 7df6f30652c58..d110a795b734b 100644
--- a/.github/workflows/esp32_build.yml
+++ b/.github/workflows/esp32_build.yml
@@ -155,6 +155,9 @@ jobs:
 gcc: [10]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 - uses: actions/checkout@v5
 with:
 submodules: 'recursive'
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index bee3f93112f48..9f18777b06a05 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -7,6 +7,9 @@ jobs:
 ci:
 runs-on: ubuntu-latest
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 - uses: actions/checkout@v5
 - uses: actions/setup-python@v5
 with:
diff --git a/.github/workflows/test_branch_conventions.yml b/.github/workflows/test_branch_conventions.yml
index a28960e39c4ed..d4783986dd0c9 100644
--- a/.github/workflows/test_branch_conventions.yml
+++ b/.github/workflows/test_branch_conventions.yml
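Review bot: The new first step in cache_cleanup.yml references `GitHubSecurityLab/actions-permissions/monitor@v1` by a movable tag, so whatever that tag points to at run time executes in a job that the context lines show holds `actions: write`. Pinning to a full commit SHA keeps the reviewed code and the executed code the same: `- uses: GitHubSecurityLab/actions-permissions/monitor@<full-commit-sha>  # v1`. The identical step is added in every other hunk of this patch (colcon.yml through test_unit_tests.yml), so the pin applies to all of them. The job definitions start outside the hunks, so the token scope of the other jobs cannot be read from here.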
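Review bot: Nothing on the added step in colcon.yml (or in any of the other workflows) says why it is there, how long it should stay, or where `PERMISSIONS_CONFIG` is defined. If the intent is to collect data for a least-privilege `permissions:` block, a comment above the step such as `# Temporary: monitors GITHUB_TOKEN use to derive minimal permissions; remove once permissions: is set` would record that. In any repository where the variable is not defined, a fork running its own CI for instance, `${{ vars.PERMISSIONS_CONFIG }}` evaluates to an empty string, so it is worth confirming and documenting how the action behaves with an empty `config`.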
@@ -9,6 +9,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 - name: Checkout PR branch
 uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_ccache.yml b/.github/workflows/test_ccache.yml
index 42d757b3a342f..71fb64405d523 100644
--- a/.github/workflows/test_ccache.yml
+++ b/.github/workflows/test_ccache.yml
@@ -134,6 +134,9 @@ jobs:
 ]
 gcc: [10]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_chibios.yml b/.github/workflows/test_chibios.yml
index 376256d4d93e7..fa67f07154ca7 100644
--- a/.github/workflows/test_chibios.yml
+++ b/.github/workflows/test_chibios.yml
@@ -171,6 +171,9 @@ jobs:
 toolchain: chibios-clang
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_coverage.yml b/.github/workflows/test_coverage.yml
index 263db22ac2800..6f2b1fd919677 100644
--- a/.github/workflows/test_coverage.yml
+++ b/.github/workflows/test_coverage.yml
@@ -37,6 +37,9 @@ jobs:
 - config: sitltest-can
 type: coverage
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_dds.yml b/.github/workflows/test_dds.yml
index 1307214daa0ab..eaafd08f4e117 100644
--- a/.github/workflows/test_dds.yml
+++ b/.github/workflows/test_dds.yml
@@ -150,6 +150,9 @@ jobs:
 stm32h7
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_environment.yml b/.github/workflows/test_environment.yml
index 3ac85ca8920fd..a6017f4b8cc67 100644
--- a/.github/workflows/test_environment.yml
+++ b/.github/workflows/test_environment.yml
@@ -43,6 +43,9 @@ jobs:
 - os: debian
 name: bullseye
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 - name: Install Git
 timeout-minutes: 30
 env:
diff --git a/.github/workflows/test_linux_sbc.yml b/.github/workflows/test_linux_sbc.yml
index fa42d1c8e018b..921b51001ba56 100644
--- a/.github/workflows/test_linux_sbc.yml
+++ b/.github/workflows/test_linux_sbc.yml
@@ -170,6 +170,9 @@ jobs:
 toolchain: armhf
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_replay.yml b/.github/workflows/test_replay.yml
index d761557104fba..14e271183e668 100644
--- a/.github/workflows/test_replay.yml
+++ b/.github/workflows/test_replay.yml
@@ -161,6 +161,9 @@ jobs:
 replay
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_scripting.yml b/.github/workflows/test_scripting.yml
index c81ea513c7ce1..2ed07366c49fb 100644
--- a/.github/workflows/test_scripting.yml
+++ b/.github/workflows/test_scripting.yml
@@ -28,6 +28,9 @@ jobs:
 runs-on: ubuntu-22.04
 container: ardupilot/ardupilot-dev-base:v0.1.3
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_scripts.yml b/.github/workflows/test_scripts.yml
index b498b25ebd0a2..50fac9e2105a5 100644
--- a/.github/workflows/test_scripts.yml
+++ b/.github/workflows/test_scripts.yml
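Review bot: The test_scripting.yml job runs its steps inside `container: ardupilot/ardupilot-dev-base:v0.1.3`, and the monitor is now the first thing executed there, so it is worth confirming that the action supports container jobs and finds the tooling it needs in that image; a failure in this step would fail the job before checkout. The same question applies to test_environment.yml, where the following step is `Install Git` (which suggests a minimal image, though the job header is outside the hunk), to the `--privileged` container job in test_sitl_copter.yml and to the first hunk of test_sitl_periph.yml. If the step is meant to be advisory only, adding `continue-on-error: true` to it keeps a monitor failure from blocking CI.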
@@ -21,8 +21,11 @@ jobs:
 validate_board_list,
 logger_metadata,
 param-file-validation,
- ]
+ ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_sitl_blimp.yml b/.github/workflows/test_sitl_blimp.yml
index a88f44a1e8f52..902890dbbaaa5 100644
--- a/.github/workflows/test_sitl_blimp.yml
+++ b/.github/workflows/test_sitl_blimp.yml
@@ -173,6 +173,9 @@ jobs:
 clang,
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
@@ -220,6 +223,9 @@ jobs:
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_sitl_copter.yml b/.github/workflows/test_sitl_copter.yml
index 68dc0722580a2..27ab1f8037148 100644
--- a/.github/workflows/test_sitl_copter.yml
+++ b/.github/workflows/test_sitl_copter.yml
@@ -171,6 +171,9 @@ jobs:
 clang,
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
@@ -225,6 +228,9 @@ jobs:
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
@@ -293,6 +299,9 @@ jobs:
 image: ardupilot/ardupilot-dev-base:v0.1.3
 options: --privileged --cap-add=SYS_PTRACE --security-opt apparmor=unconfined --security-opt seccomp=unconfined
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
@@ -334,6 +343,9 @@ jobs:
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_sitl_periph.yml b/.github/workflows/test_sitl_periph.yml
index 7e38efbdb889a..e353888fc114f 100644
--- a/.github/workflows/test_sitl_periph.yml
+++ b/.github/workflows/test_sitl_periph.yml
@@ -163,6 +163,9 @@ jobs:
 runs-on: ubuntu-22.04
 container: ardupilot/ardupilot-dev-periph:v0.1.3
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
@@ -213,6 +216,9 @@ jobs:
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_sitl_plane.yml b/.github/workflows/test_sitl_plane.yml
index c23b5932652a8..54d0e2cdc7ce3 100644
--- a/.github/workflows/test_sitl_plane.yml
+++ b/.github/workflows/test_sitl_plane.yml
@@ -172,6 +172,9 @@ jobs:
 clang,
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
@@ -222,6 +225,9 @@ jobs:
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_sitl_rover.yml b/.github/workflows/test_sitl_rover.yml
index affdc87f325e0..5a0944df5f4dd 100644
--- a/.github/workflows/test_sitl_rover.yml
+++ b/.github/workflows/test_sitl_rover.yml
@@ -171,6 +171,9 @@ jobs:
 clang,
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
@@ -223,6 +226,9 @@ jobs:
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_sitl_sub.yml b/.github/workflows/test_sitl_sub.yml
index ea62a73599c8f..915b1bf7e3acb 100644
--- a/.github/workflows/test_sitl_sub.yml
+++ b/.github/workflows/test_sitl_sub.yml
@@ -174,6 +174,9 @@ jobs:
 clang,
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
@@ -222,6 +225,9 @@ jobs:
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_sitl_tracker.yml b/.github/workflows/test_sitl_tracker.yml
index f4ce55f7ed912..651b8c8a540c2 100644
--- a/.github/workflows/test_sitl_tracker.yml
+++ b/.github/workflows/test_sitl_tracker.yml
@@ -174,6 +174,9 @@ jobs:
 clang,
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
@@ -221,6 +224,9 @@ jobs:
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with:
diff --git a/.github/workflows/test_size.yml b/.github/workflows/test_size.yml
index 4b0a10234a6d3..4397fbed34875 100644
--- a/.github/workflows/test_size.yml
+++ b/.github/workflows/test_size.yml
@@ -86,6 +86,9 @@ jobs:
 - config: disco
 toolchain: chibios
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 - uses: actions/checkout@v5
 with:
 ref: ${{ github.event.pull_request.base.ref }}
diff --git a/.github/workflows/test_unit_tests.yml b/.github/workflows/test_unit_tests.yml
index 9f2321f21c933..bbbbf9cb73e07 100644
--- a/.github/workflows/test_unit_tests.yml
+++ b/.github/workflows/test_unit_tests.yml
@@ -117,6 +117,9 @@ jobs:
 sitl
 ]
 steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
 # git checkout the PR
 - uses: actions/checkout@v5
 with: