Merge pull request #13609 from id/20240814-update-ci

update ci

.github/workflows/_pr_entrypoint.yaml

@@ -11,6 +11,9 @@ on:
       ref:
         required: false
 
+permissions:
+  contents: read
+
 defaults:
   run:
     shell: bash
@@ -48,9 +51,6 @@ jobs:
       ct-host: ${{ steps.matrix.outputs.ct-host }}
       ct-docker: ${{ steps.matrix.outputs.ct-docker }}
 
-    permissions:
-      contents: read
-
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
@@ -132,9 +132,6 @@ jobs:
           - emqx
           - emqx-enterprise
 
-    permissions:
-      contents: read
-
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
@@ -184,6 +181,9 @@ jobs:
       - init
       - sanity-checks
       - compile
+    permissions:
+      contents: read
+      pull-requests: write
     uses: ./.github/workflows/run_test_cases.yaml
     with:
       builder: ${{ needs.init.outputs.BUILDER }}

.github/workflows/_push-entrypoint.yaml

@@ -17,6 +17,9 @@ on:
       ref:
         required: false
 
+permissions:
+  contents: read
+
 defaults:
   run:
     shell: bash
@@ -57,9 +60,6 @@ jobs:
       ct-host: ${{ steps.matrix.outputs.ct-host }}
       ct-docker: ${{ steps.matrix.outputs.ct-docker }}
 
-    permissions:
-      contents: read
-
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
@@ -137,9 +137,6 @@ jobs:
           - emqx
           - emqx-enterprise
 
-    permissions:
-      contents: read
-
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:

.github/workflows/build_and_push_docker_images.yaml

@@ -20,13 +20,13 @@ on:
         default: false
     secrets:
       DOCKER_HUB_USER:
-        required: true
+        required: false
       DOCKER_HUB_TOKEN:
-        required: true
+        required: false
       AWS_ACCESS_KEY_ID:
-        required: true
+        required: false
       AWS_SECRET_ACCESS_KEY:
-        required: true
+        required: false
   workflow_dispatch:
     inputs:
       ref:

.github/workflows/build_packages_cron.yaml

@@ -22,7 +22,6 @@ jobs:
       matrix:
         profile:
           - ['emqx', 'master']
-          - ['emqx', 'release-57']
           - ['emqx', 'release-58']
         os:
           - ubuntu22.04

.github/workflows/codeql.yaml

@@ -23,7 +23,6 @@ jobs:
       matrix:
         branch:
           - master
-          - release-57
           - release-58
         language:
           - cpp

.github/workflows/green_master.yaml

@@ -23,7 +23,6 @@ jobs:
       matrix:
         ref:
           - master
-          - release-57
           - release-58
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

.github/workflows/run_test_cases.yaml

@@ -20,6 +20,9 @@ on:
         required: true
         type: string
 
+permissions:
+  contents: read
+
 env:
   IS_CI: "yes"
 
@@ -42,9 +45,6 @@ jobs:
       ENABLE_COVER_COMPILE: 1
       CT_COVER_EXPORT_PREFIX: ${{ matrix.profile }}
 
-    permissions:
-      contents: read
-
     steps:
       - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
@@ -86,9 +86,6 @@ jobs:
     env:
       PROFILE: ${{ matrix.profile }}
 
-    permissions:
-      contents: read
-
     steps:
       - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
@@ -154,9 +151,6 @@ jobs:
       run:
         shell: bash
 
-    permissions:
-      contents: read
-
     env:
       PROFILE: ${{ matrix.profile }}
       SUITEGROUP: ${{ matrix.suitegroup }}

.github/workflows/sync-release-branch.yaml

@@ -20,7 +20,7 @@ jobs:
       fail-fast: false
       matrix:
         branch:
-          - release-57
+          - release-58
 
     env:
       SYNC_BRANCH: ${{ matrix.branch }}