@@ -75,6 +75,9 @@ on:
type: string
default: '["self-hosted","ephemeral", "linux"]'
+permissions:
+ contents: read
+
jobs:
docker:
runs-on: ${{ fromJSON(inputs.runner_labels) }}
@@ -23,6 +23,9 @@ on:
required: true
@@ -10,6 +10,9 @@ on:
check_deps_integrity:
@@ -8,6 +8,9 @@ on:
ref:
required: false
analyze:
name: Analyze
@@ -15,7 +18,6 @@ jobs:
timeout-minutes: 360
permissions:
actions: read
- contents: read
security-events: write
container:
image: ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-ubuntu22.04
- cron: "0 * * * *"
workflow_dispatch:
rerun-failed-jobs:
if: github.repository_owner == 'emqx'
@@ -19,6 +19,9 @@ env:
TF_VAR_prometheus_remote_write_url: ${{ secrets.TF_EMQX_PERF_TEST_PROMETHEUS_REMOTE_WRITE_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.TF_EMQX_PERF_TEST_SLACK_URL }}
prepare:
runs-on: ubuntu-latest
@@ -13,9 +13,14 @@ on:
default: false
upload:
runs-on: ubuntu-22.04
+ permissions:
+ packages: write
strategy:
fail-fast: false
steps:
@@ -14,6 +14,9 @@ on:
run_conf_tests:
@@ -17,6 +17,9 @@ on:
basic-tests:
@@ -26,6 +26,9 @@ on:
env:
IS_CI: "yes"
run_emqx_app_tests:
helm_test:
relup_test_plan:
runs-on: ["${{ inputs.runner }}", 'linux', 'x64', 'ephemeral']
@@ -11,6 +11,9 @@ on:
spellcheck:
stale:
@@ -20,6 +20,9 @@ on:
static_checks: