diff --git a/.github/workflows/build_test_publish_images.yaml b/.github/workflows/build_test_publish_images.yaml
index c4178a804..9fd2fc192 100644
--- a/.github/workflows/build_test_publish_images.yaml
+++ b/.github/workflows/build_test_publish_images.yaml
@@ -36,24 +36,11 @@ defaults:
 run:
 shell: bash
-permissions:
- actions: read
- checks: none
- contents: read
- deployments: none
- discussions: none
- id-token: write
- issues: none
- packages: read
- pages: none
- pull-requests: read
- repository-projects: none
- security-events: none
- statuses: none
-
 jobs:
 compute-matrix:
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
 container:
 image: rapidsai/ci-conda:26.06-latest
 outputs:
@@ -111,6 +98,8 @@ jobs:
 build-images:
 name: Build images
 needs: compute-matrix
+ permissions:
+ contents: read
 secrets: inherit # zizmor: ignore[secrets-inherit]
 strategy:
 matrix: ${{ fromJson(needs.compute-matrix.outputs.MATRIX) }}
@@ -127,6 +116,8 @@ jobs:
 build-cuopt-multiarch-manifest:
 name: Build cuopt multiarch manifest
 needs: [build-images, compute-matrix]
+ permissions:
+ contents: read
 strategy:
 matrix:
 CUDA_VER: ${{ fromJson(needs.compute-matrix.outputs.MATRIX).cuda_ver }}
@@ -171,6 +162,8 @@ jobs:
 test-images:
 name: Test images
 needs: [build-cuopt-multiarch-manifest, compute-matrix]
+ permissions:
+ contents: read
 secrets: inherit # zizmor: ignore[secrets-inherit]
 strategy:
 matrix:
diff --git a/ci/test_self_hosted_service.sh b/ci/test_self_hosted_service.sh
index 601b45326..864e998c9 100755
--- a/ci/test_self_hosted_service.sh
+++ b/ci/test_self_hosted_service.sh
@@ -79,7 +79,7 @@ DELAY=10
 sleep $DELAY
-server_status=$(curl -k -sL https://0.0.0.0:$CUOPT_SERVER_PORT/cuopt/health)
+server_status=$(curl -k -sL https://0.0.0.0:$CUOPT_SERVER_PORT/cuopt/health) # NOSONAR — self-signed cert generated locally by this script for CI; not a real TLS endpoint.
 EXITCODE=0
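Review bot: With the workflow-level `permissions:` block gone, nothing in this file sets a default for `GITHUB_TOKEN`, so any job without its own block (one not touched here, or one added later) falls back to the repository or organization default, which may be broader than the old explicit list. Keeping a deny-by-default at the top, `permissions: {}`, next to the new per-job `contents: read` grants would make a missing job-level block fail closed. The four jobs in these hunks each get a block; whether the file defines other jobs is not visible from the diff.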
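Review bot: `build-images` here and `test-images` in the last hunk of this file both carry `secrets: inherit`, which suggests they call reusable workflows, and a caller job's `permissions:` is the ceiling for the token the called workflow receives. The removed workflow-level block granted `id-token: write`, `packages: read`, `actions: read` and `pull-requests: read`; with only `contents: read` on these jobs, a called workflow that asks for any of those is expected to fail or lose access, so it is worth checking the called workflows, which are outside this diff. If one of them does need OIDC, grant `id-token: write` on that job alone with a comment such as `# id-token: write is required by the registry login step in the called workflow`. Both job definitions continue past their hunks.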
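Review bot: The `-k` on the health-check `curl` still disables certificate verification; the added `# NOSONAR` comment only silences the scanner for this line. Since the comment says the certificate is generated locally by this script, the check could trust that file instead, for example `curl --cacert "$CERT_FILE" -sL "https://localhost:$CUOPT_SERVER_PORT/cuopt/health"`, where `CERT_FILE` is a placeholder for wherever the script writes the cert and the cert's SAN would have to cover the host name used. That would remove the suppression and let the test notice a server presenting an unexpected certificate. If `-k` stays, quoting the URL avoids word-splitting on an empty or malformed `CUOPT_SERVER_PORT`. The certificate generation and the later use of `server_status` are outside the hunk.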