From 86a61e45cff1de35f32c0dfccda56d3708604c03 Mon Sep 17 00:00:00 2001 From: Ezio Melotti Date: Sun, 5 Apr 2026 06:31:54 +0800 Subject: [PATCH] Add `permissions: {}` to all reusable workflows (#148114) Add permissions: {} to all reusable workflows (cherry picked from commit 1f36a510a2a16e8ff15572f44090c7db43bb7935) --- .github/workflows/reusable-docs.yml | 3 +-- .github/workflows/reusable-macos.yml | 2 ++ .github/workflows/reusable-ubuntu.yml | 2 ++ .github/workflows/reusable-windows.yml | 2 ++ 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-docs.yml b/.github/workflows/reusable-docs.yml index e99cc1fa5f217d..71ba1d97a56370 100644 --- a/.github/workflows/reusable-docs.yml +++ b/.github/workflows/reusable-docs.yml @@ -4,8 +4,7 @@ on: workflow_call: workflow_dispatch: -permissions: - contents: read +permissions: {} concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} diff --git a/.github/workflows/reusable-macos.yml b/.github/workflows/reusable-macos.yml index c4cbe180430f16..d3e9defd1109aa 100644 --- a/.github/workflows/reusable-macos.yml +++ b/.github/workflows/reusable-macos.yml @@ -9,6 +9,8 @@ on: type: boolean default: false +permissions: {} + jobs: build_macos: name: 'build and test' diff --git a/.github/workflows/reusable-ubuntu.yml b/.github/workflows/reusable-ubuntu.yml index bc62521b6b914b..c836ff59b06074 100644 --- a/.github/workflows/reusable-ubuntu.yml +++ b/.github/workflows/reusable-ubuntu.yml @@ -8,6 +8,8 @@ on: required: true type: string +permissions: {} + env: FORCE_COLOR: 1 diff --git a/.github/workflows/reusable-windows.yml b/.github/workflows/reusable-windows.yml index 851f501dbf42c4..fad82009fb5166 100644 --- a/.github/workflows/reusable-windows.yml +++ b/.github/workflows/reusable-windows.yml @@ -6,6 +6,8 @@ on: type: boolean default: false +permissions: {} + jobs: build_win32: name: 'build and test (x86)'