From ab1011bd75ed2e1603a49d508ac21cb4c9d4da47 Mon Sep 17 00:00:00 2001 From: Bonnie Date: Fri, 28 Nov 2025 10:13:10 +0800 Subject: [PATCH 01/14] feat: add workflows for external and internal PRs with unit and integration tests --- .github/workflows/build-test-workflow.yml | 88 +++++++++++++++++++++++ .github/workflows/pr-external.yaml | 36 ++++++++++ .github/workflows/pr-internal.yaml | 33 +++++++++ 3 files changed, 157 insertions(+) create mode 100644 .github/workflows/build-test-workflow.yml create mode 100644 .github/workflows/pr-external.yaml create mode 100644 .github/workflows/pr-internal.yaml diff --git a/.github/workflows/build-test-workflow.yml b/.github/workflows/build-test-workflow.yml new file mode 100644 index 00000000..c319d90f --- /dev/null +++ b/.github/workflows/build-test-workflow.yml @@ -0,0 +1,88 @@ +name: Build and Test + +on: + workflow_call: + inputs: + sha: + required: true + type: string + ENVIRONMENT: + required: true + type: string + secrets: + WALLET_PRIVATE_KEY: + required: true + WALLET_ADDRESS: + required: true + WALLET_ADDRESS_2: + required: true + WALLET_PRIVATE_KEY_2: + required: true + RPC_PROVIDER_URL: + required: true + +jobs: + build_and_test: + name: Build and Test + timeout-minutes: 60 + runs-on: ubuntu-latest + environment: ${{ inputs.ENVIRONMENT }} + strategy: + fail-fast: false + matrix: + python-version: ["3.10"] + env: + WALLET_PRIVATE_KEY: ${{ secrets.WALLET_PRIVATE_KEY }} + WALLET_ADDRESS: ${{ secrets.WALLET_ADDRESS }} + WALLET_PRIVATE_KEY_2: ${{ secrets.WALLET_PRIVATE_KEY_2 }} + WALLET_ADDRESS_2: ${{ secrets.WALLET_ADDRESS_2 }} + RPC_PROVIDER_URL: ${{ secrets.RPC_PROVIDER_URL }} + + steps: + - name: Set Timestamp + run: | + echo "TIMESTAMP=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV + + - name: Check out code + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + with: + ref: ${{ inputs.sha }} + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python-version }} + - name: Install uv + uses: astral-sh/setup-uv@v6.0.0 + with: + version: "0.9.11" + - name: Install dependencies + run: uv pip install --system -e ".[dev]" + + - name: Run unit tests + run: | + coverage run -m pytest tests/unit -v -ra -q + coverage report + + - name: Run integration tests + run: | + pytest tests/integration/test_integration_license.py -v -ra --html=report.html --self-contained-html + + - name: Rename Integration Test Report + run: | + mkdir -p report + mv -f report.html report/report-${{ env.TIMESTAMP }}.html + + - name: Deploy Integration Test Report + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e #v4.0.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_dir: report + keep_files: true + allow_empty_commit: true + + - name: Add Github Page Link to Summary + run: | + repo_name=$(echo "${{ github.repository }}" | cut -d'/' -f2) + github_pages_url="https://${{ github.repository_owner }}.github.io/${repo_name}/report-${{ env.TIMESTAMP }}.html" + echo "## 📊Github Page Link: [View Test Report](${github_pages_url})" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/pr-external.yaml b/.github/workflows/pr-external.yaml new file mode 100644 index 00000000..c32153f3 --- /dev/null +++ b/.github/workflows/pr-external.yaml @@ -0,0 +1,36 @@ +name: Workflow for External PRs with Unit & Integration Tests + +on: + pull_request_target: + types: [opened, synchronize] + branches: + - main + +jobs: + Timestamp_PR_CREATED: + uses: storyprotocol/gha-workflows/.github/workflows/reusable-timestamp.yml@main + + authorize: + if: github.event.pull_request.head.repo.full_name != github.repository + needs: [Timestamp_PR_CREATED] + environment: "external" + runs-on: ubuntu-latest + steps: + - run: true + + Timestamp_PR_APPROVED: + needs: [authorize] + uses: storyprotocol/gha-workflows/.github/workflows/reusable-timestamp.yml@main + + tests: + needs: [authorize, Timestamp_PR_APPROVED] + uses: ./.github/workflows/build-test-workflow.yml + with: + sha: ${{ github.event.pull_request.head.sha }} + ENVIRONMENT: "aeneid" + secrets: + WALLET_ADDRESS: ${{ secrets.WALLET_ADDRESS }} + WALLET_PRIVATE_KEY: ${{ secrets.WALLET_PRIVATE_KEY }} + WALLET_ADDRESS_2: ${{ secrets.WALLET_ADDRESS_2 }} + WALLET_PRIVATE_KEY_2: ${{ secrets.WALLET_PRIVATE_KEY_2 }} + RPC_PROVIDER_URL: ${{ secrets.RPC_PROVIDER_URL }} diff --git a/.github/workflows/pr-internal.yaml b/.github/workflows/pr-internal.yaml new file mode 100644 index 00000000..ed2c024f --- /dev/null +++ b/.github/workflows/pr-internal.yaml @@ -0,0 +1,33 @@ +name: Workflow for Internal PRs with Unit & Integration Tests + +on: + pull_request: + branches: + - main + push: + branches: + - main + workflow_dispatch: + inputs: + sha: + description: "Git commit SHA to test (leave empty to use current commit)" + required: false + type: string + +jobs: + Timestamp: + if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'workflow_dispatch' }} + uses: storyprotocol/gha-workflows/.github/workflows/reusable-timestamp.yml@main + + tests: + needs: [Timestamp] + uses: ./.github/workflows/build-test-workflow.yml + with: + sha: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || (github.event_name == 'workflow_dispatch' && inputs.sha) || github.sha }} + ENVIRONMENT: "aeneid" + secrets: + WALLET_ADDRESS: ${{ secrets.WALLET_ADDRESS }} + WALLET_PRIVATE_KEY: ${{ secrets.WALLET_PRIVATE_KEY }} + WALLET_ADDRESS_2: ${{ secrets.WALLET_ADDRESS_2 }} + WALLET_PRIVATE_KEY_2: ${{ secrets.WALLET_PRIVATE_KEY_2 }} + RPC_PROVIDER_URL: ${{ secrets.RPC_PROVIDER_URL }} From 0f06ce1d2939c7e3a47bed76109d122c128db4cc Mon Sep 17 00:00:00 2001 From: Bonnie Date: Fri, 28 Nov 2025 10:39:58 +0800 Subject: [PATCH 02/14] refactor: remove unused wallet secrets from workflows and simplify integration test command --- .github/workflows/build-test-workflow.yml | 8 +------- .github/workflows/pr-external.yaml | 8 +++----- .github/workflows/pr-internal.yaml | 2 -- 3 files changed, 4 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-test-workflow.yml b/.github/workflows/build-test-workflow.yml index c319d90f..b83663e9 100644 --- a/.github/workflows/build-test-workflow.yml +++ b/.github/workflows/build-test-workflow.yml @@ -14,10 +14,6 @@ on: required: true WALLET_ADDRESS: required: true - WALLET_ADDRESS_2: - required: true - WALLET_PRIVATE_KEY_2: - required: true RPC_PROVIDER_URL: required: true @@ -34,8 +30,6 @@ jobs: env: WALLET_PRIVATE_KEY: ${{ secrets.WALLET_PRIVATE_KEY }} WALLET_ADDRESS: ${{ secrets.WALLET_ADDRESS }} - WALLET_PRIVATE_KEY_2: ${{ secrets.WALLET_PRIVATE_KEY_2 }} - WALLET_ADDRESS_2: ${{ secrets.WALLET_ADDRESS_2 }} RPC_PROVIDER_URL: ${{ secrets.RPC_PROVIDER_URL }} steps: @@ -66,7 +60,7 @@ jobs: - name: Run integration tests run: | - pytest tests/integration/test_integration_license.py -v -ra --html=report.html --self-contained-html + pytest -v -ra --html=report.html --self-contained-html - name: Rename Integration Test Report run: | diff --git a/.github/workflows/pr-external.yaml b/.github/workflows/pr-external.yaml index c32153f3..6e2f443e 100644 --- a/.github/workflows/pr-external.yaml +++ b/.github/workflows/pr-external.yaml @@ -29,8 +29,6 @@ jobs: sha: ${{ github.event.pull_request.head.sha }} ENVIRONMENT: "aeneid" secrets: - WALLET_ADDRESS: ${{ secrets.WALLET_ADDRESS }} - WALLET_PRIVATE_KEY: ${{ secrets.WALLET_PRIVATE_KEY }} - WALLET_ADDRESS_2: ${{ secrets.WALLET_ADDRESS_2 }} - WALLET_PRIVATE_KEY_2: ${{ secrets.WALLET_PRIVATE_KEY_2 }} - RPC_PROVIDER_URL: ${{ secrets.RPC_PROVIDER_URL }} + WALLET_ADDRESS: ${{ secrets.WALLET_ADDRESS }} + WALLET_PRIVATE_KEY: ${{ secrets.WALLET_PRIVATE_KEY }} + RPC_PROVIDER_URL: ${{ secrets.RPC_PROVIDER_URL }} diff --git a/.github/workflows/pr-internal.yaml b/.github/workflows/pr-internal.yaml index ed2c024f..e5d1e343 100644 --- a/.github/workflows/pr-internal.yaml +++ b/.github/workflows/pr-internal.yaml @@ -28,6 +28,4 @@ jobs: secrets: WALLET_ADDRESS: ${{ secrets.WALLET_ADDRESS }} WALLET_PRIVATE_KEY: ${{ secrets.WALLET_PRIVATE_KEY }} - WALLET_ADDRESS_2: ${{ secrets.WALLET_ADDRESS_2 }} - WALLET_PRIVATE_KEY_2: ${{ secrets.WALLET_PRIVATE_KEY_2 }} RPC_PROVIDER_URL: ${{ secrets.RPC_PROVIDER_URL }} From fb4ce00319f9316caed0fb010685de9bd9d3c1c9 Mon Sep 17 00:00:00 2001 From: Bonnie57 <146059114+bonnie57@users.noreply.github.com> Date: Fri, 28 Nov 2025 11:04:21 +0800 Subject: [PATCH 03/14] Potential fix for code scanning alert no. 15: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/build-test-workflow.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-test-workflow.yml b/.github/workflows/build-test-workflow.yml index b83663e9..a4f320fb 100644 --- a/.github/workflows/build-test-workflow.yml +++ b/.github/workflows/build-test-workflow.yml @@ -20,6 +20,8 @@ on: jobs: build_and_test: name: Build and Test + permissions: + contents: write timeout-minutes: 60 runs-on: ubuntu-latest environment: ${{ inputs.ENVIRONMENT }} From 202590a02d12e1edf31b0f5bfe9ee51f5567caeb Mon Sep 17 00:00:00 2001 From: Bonnie57 <146059114+bonnie57@users.noreply.github.com> Date: Fri, 28 Nov 2025 11:04:34 +0800 Subject: [PATCH 04/14] Potential fix for code scanning alert no. 9: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/pr-external.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pr-external.yaml b/.github/workflows/pr-external.yaml index 6e2f443e..7e415331 100644 --- a/.github/workflows/pr-external.yaml +++ b/.github/workflows/pr-external.yaml @@ -1,4 +1,6 @@ name: Workflow for External PRs with Unit & Integration Tests +permissions: + contents: read on: pull_request_target: From 1f323b9e8600aa8baab52b2f23c7c4d640de6061 Mon Sep 17 00:00:00 2001 From: Bonnie57 <146059114+bonnie57@users.noreply.github.com> Date: Fri, 28 Nov 2025 11:05:04 +0800 Subject: [PATCH 05/14] Potential fix for code scanning alert no. 12: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/pr-internal.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pr-internal.yaml b/.github/workflows/pr-internal.yaml index e5d1e343..6ddef8b9 100644 --- a/.github/workflows/pr-internal.yaml +++ b/.github/workflows/pr-internal.yaml @@ -1,4 +1,6 @@ name: Workflow for Internal PRs with Unit & Integration Tests +permissions: + contents: read on: pull_request: From b8199d0dc0b8a939759d49a4a64da22fa66519b5 Mon Sep 17 00:00:00 2001 From: Bonnie57 <146059114+bonnie57@users.noreply.github.com> Date: Fri, 28 Nov 2025 11:06:41 +0800 Subject: [PATCH 06/14] Potential fix for code scanning alert no. 10: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/pr-external.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-external.yaml b/.github/workflows/pr-external.yaml index 7e415331..7ce13dfe 100644 --- a/.github/workflows/pr-external.yaml +++ b/.github/workflows/pr-external.yaml @@ -10,8 +10,9 @@ on: jobs: Timestamp_PR_CREATED: + permissions: + contents: read uses: storyprotocol/gha-workflows/.github/workflows/reusable-timestamp.yml@main - authorize: if: github.event.pull_request.head.repo.full_name != github.repository needs: [Timestamp_PR_CREATED] From feb0743677443f567905db5530002d954c6ad241 Mon Sep 17 00:00:00 2001 From: Bonnie Date: Fri, 28 Nov 2025 13:43:10 +0800 Subject: [PATCH 07/14] feat: add build and test workflow for CI/CD with integration test report generation --- ...uild-test-workflow.yml => build-and-test-workflow.yml} | 5 ++++- .github/workflows/pr-external.yaml | 4 +--- .github/workflows/pr-internal.yaml | 8 -------- 3 files changed, 5 insertions(+), 12 deletions(-) rename .github/workflows/{build-test-workflow.yml => build-and-test-workflow.yml} (97%) diff --git a/.github/workflows/build-test-workflow.yml b/.github/workflows/build-and-test-workflow.yml similarity index 97% rename from .github/workflows/build-test-workflow.yml rename to .github/workflows/build-and-test-workflow.yml index a4f320fb..32e8dbb9 100644 --- a/.github/workflows/build-test-workflow.yml +++ b/.github/workflows/build-and-test-workflow.yml @@ -1,4 +1,7 @@ -name: Build and Test +name: Workflow for Building and Testing + +permissions: + contents: read on: workflow_call: diff --git a/.github/workflows/pr-external.yaml b/.github/workflows/pr-external.yaml index 7ce13dfe..816cafde 100644 --- a/.github/workflows/pr-external.yaml +++ b/.github/workflows/pr-external.yaml @@ -1,6 +1,4 @@ name: Workflow for External PRs with Unit & Integration Tests -permissions: - contents: read on: pull_request_target: @@ -16,7 +14,7 @@ jobs: authorize: if: github.event.pull_request.head.repo.full_name != github.repository needs: [Timestamp_PR_CREATED] - environment: "external" + environment: "aeneid" runs-on: ubuntu-latest steps: - run: true diff --git a/.github/workflows/pr-internal.yaml b/.github/workflows/pr-internal.yaml index 6ddef8b9..57ee2766 100644 --- a/.github/workflows/pr-internal.yaml +++ b/.github/workflows/pr-internal.yaml @@ -1,6 +1,4 @@ name: Workflow for Internal PRs with Unit & Integration Tests -permissions: - contents: read on: pull_request: @@ -9,12 +7,6 @@ on: push: branches: - main - workflow_dispatch: - inputs: - sha: - description: "Git commit SHA to test (leave empty to use current commit)" - required: false - type: string jobs: Timestamp: From a85f91fe0757e5a1c0a2749a1eab0f8778e59cbf Mon Sep 17 00:00:00 2001 From: Bonnie Date: Fri, 28 Nov 2025 13:44:51 +0800 Subject: [PATCH 08/14] fix: simplify SHA retrieval logic in internal PR workflow --- .github/workflows/pr-internal.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-internal.yaml b/.github/workflows/pr-internal.yaml index 57ee2766..e7781baf 100644 --- a/.github/workflows/pr-internal.yaml +++ b/.github/workflows/pr-internal.yaml @@ -17,7 +17,7 @@ jobs: needs: [Timestamp] uses: ./.github/workflows/build-test-workflow.yml with: - sha: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || (github.event_name == 'workflow_dispatch' && inputs.sha) || github.sha }} + sha: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} ENVIRONMENT: "aeneid" secrets: WALLET_ADDRESS: ${{ secrets.WALLET_ADDRESS }} From ed6e0d58f97e5c81edf067f47a16ea27764c60f1 Mon Sep 17 00:00:00 2001 From: Bonnie57 <146059114+bonnie57@users.noreply.github.com> Date: Fri, 28 Nov 2025 13:46:08 +0800 Subject: [PATCH 09/14] Potential fix for code scanning alert no. 16: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/pr-external.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pr-external.yaml b/.github/workflows/pr-external.yaml index 816cafde..d869229a 100644 --- a/.github/workflows/pr-external.yaml +++ b/.github/workflows/pr-external.yaml @@ -1,4 +1,6 @@ name: Workflow for External PRs with Unit & Integration Tests +permissions: + contents: read on: pull_request_target: From a37f7de4f77db120844c8b865cf94a4d3c86d72d Mon Sep 17 00:00:00 2001 From: Bonnie57 <146059114+bonnie57@users.noreply.github.com> Date: Fri, 28 Nov 2025 13:47:18 +0800 Subject: [PATCH 10/14] Potential fix for code scanning alert no. 11: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/pr-internal.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pr-internal.yaml b/.github/workflows/pr-internal.yaml index e7781baf..814529af 100644 --- a/.github/workflows/pr-internal.yaml +++ b/.github/workflows/pr-internal.yaml @@ -1,4 +1,6 @@ name: Workflow for Internal PRs with Unit & Integration Tests +permissions: + contents: read on: pull_request: From f8c944328bd67426ff4925ec11e7af0ed8d5e48e Mon Sep 17 00:00:00 2001 From: Bonnie Date: Fri, 28 Nov 2025 14:00:47 +0800 Subject: [PATCH 11/14] chore: update uv setup action version and add dependency installation step --- .github/workflows/build-and-test-workflow.yml | 4 +++- .github/workflows/pr-external.yaml | 2 -- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-test-workflow.yml b/.github/workflows/build-and-test-workflow.yml index 32e8dbb9..a8aadabc 100644 --- a/.github/workflows/build-and-test-workflow.yml +++ b/.github/workflows/build-and-test-workflow.yml @@ -51,10 +51,12 @@ jobs: uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} + - name: Install uv - uses: astral-sh/setup-uv@v6.0.0 + uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 #v7 with: version: "0.9.11" + - name: Install dependencies run: uv pip install --system -e ".[dev]" diff --git a/.github/workflows/pr-external.yaml b/.github/workflows/pr-external.yaml index d869229a..9d468157 100644 --- a/.github/workflows/pr-external.yaml +++ b/.github/workflows/pr-external.yaml @@ -10,8 +10,6 @@ on: jobs: Timestamp_PR_CREATED: - permissions: - contents: read uses: storyprotocol/gha-workflows/.github/workflows/reusable-timestamp.yml@main authorize: if: github.event.pull_request.head.repo.full_name != github.repository From 302dfccd28c44571ec6edf590818e636a8ce234f Mon Sep 17 00:00:00 2001 From: Bonnie Date: Fri, 28 Nov 2025 14:03:45 +0800 Subject: [PATCH 12/14] chore: add debug print statement in test configuration --- tests/integration/config/test_config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration/config/test_config.py b/tests/integration/config/test_config.py index 863ecf5d..7813cdb6 100644 --- a/tests/integration/config/test_config.py +++ b/tests/integration/config/test_config.py @@ -31,6 +31,7 @@ private_key_2 = get_private_key_from_xprv(xprv) account_2 = web3.eth.account.from_key(private_key_2) wallet_address_2 = account_2.address +print("===") # Export all configuration __all__ = [ "web3", From f21ba9e6e245891094945888c1ee82db4cdd1416 Mon Sep 17 00:00:00 2001 From: Bonnie Date: Fri, 28 Nov 2025 14:05:16 +0800 Subject: [PATCH 13/14] chore: update workflow references to use the new build-and-test workflow --- .github/workflows/pr-external.yaml | 2 +- .github/workflows/pr-internal.yaml | 2 +- tests/integration/config/test_config.py | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-external.yaml b/.github/workflows/pr-external.yaml index 9d468157..d15fc6a0 100644 --- a/.github/workflows/pr-external.yaml +++ b/.github/workflows/pr-external.yaml @@ -25,7 +25,7 @@ jobs: tests: needs: [authorize, Timestamp_PR_APPROVED] - uses: ./.github/workflows/build-test-workflow.yml + uses: ./.github/workflows/build-and-test-workflow.yml with: sha: ${{ github.event.pull_request.head.sha }} ENVIRONMENT: "aeneid" diff --git a/.github/workflows/pr-internal.yaml b/.github/workflows/pr-internal.yaml index 814529af..a23600ed 100644 --- a/.github/workflows/pr-internal.yaml +++ b/.github/workflows/pr-internal.yaml @@ -17,7 +17,7 @@ jobs: tests: needs: [Timestamp] - uses: ./.github/workflows/build-test-workflow.yml + uses: ./.github/workflows/build-and-test-workflow.yml with: sha: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} ENVIRONMENT: "aeneid" diff --git a/tests/integration/config/test_config.py b/tests/integration/config/test_config.py index 7813cdb6..863ecf5d 100644 --- a/tests/integration/config/test_config.py +++ b/tests/integration/config/test_config.py @@ -31,7 +31,6 @@ private_key_2 = get_private_key_from_xprv(xprv) account_2 = web3.eth.account.from_key(private_key_2) wallet_address_2 = account_2.address -print("===") # Export all configuration __all__ = [ "web3", From e85488d0baf45a959be2f0fa726d12c8b8110bee Mon Sep 17 00:00:00 2001 From: Bonnie Date: Fri, 28 Nov 2025 14:08:22 +0800 Subject: [PATCH 14/14] chore: update workflow permissions from read to write for build and PR workflows --- .github/workflows/build-and-test-workflow.yml | 2 +- .github/workflows/pr-external.yaml | 2 +- .github/workflows/pr-internal.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-test-workflow.yml b/.github/workflows/build-and-test-workflow.yml index a8aadabc..c7c5068f 100644 --- a/.github/workflows/build-and-test-workflow.yml +++ b/.github/workflows/build-and-test-workflow.yml @@ -1,7 +1,7 @@ name: Workflow for Building and Testing permissions: - contents: read + contents: write on: workflow_call: diff --git a/.github/workflows/pr-external.yaml b/.github/workflows/pr-external.yaml index d15fc6a0..445c00f2 100644 --- a/.github/workflows/pr-external.yaml +++ b/.github/workflows/pr-external.yaml @@ -1,6 +1,6 @@ name: Workflow for External PRs with Unit & Integration Tests permissions: - contents: read + contents: write on: pull_request_target: diff --git a/.github/workflows/pr-internal.yaml b/.github/workflows/pr-internal.yaml index a23600ed..77b16291 100644 --- a/.github/workflows/pr-internal.yaml +++ b/.github/workflows/pr-internal.yaml @@ -1,6 +1,6 @@ name: Workflow for Internal PRs with Unit & Integration Tests permissions: - contents: read + contents: write on: pull_request: