diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index d5498e9..b95b8bf 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -1,10 +1,13 @@ name: Build on: - # Trigger the workflow on push or pull request, + # Trigger the workflow on push, # but only for the master branch push: branches: - master + +permissions: read-all + jobs: build: name: Patch building @@ -23,6 +26,8 @@ jobs: name: Patch publishing runs-on: ubuntu-latest needs: build + permissions: + contents: write steps: - name: Download a single artifact uses: actions/download-artifact@v3 diff --git a/.github/workflows/build_pr.yml b/.github/workflows/build_pr.yml index 26cd492..fa4d2b8 100644 --- a/.github/workflows/build_pr.yml +++ b/.github/workflows/build_pr.yml @@ -2,6 +2,8 @@ name: Build PR on: pull_request: branches: master + +permissions: read-all jobs: build: diff --git a/.github/workflows/test_master.yml b/.github/workflows/test_master.yml index 8e3407e..9e742b6 100644 --- a/.github/workflows/test_master.yml +++ b/.github/workflows/test_master.yml @@ -1,10 +1,13 @@ name: Test on: - # Trigger the workflow on push or pull request, + # Trigger the workflow on push, # but only for the master branch push: branches: - master + +permissions: read-all + jobs: test: name: Testing @@ -26,12 +29,24 @@ jobs: with: name: test-report path: out/test.log - - name: Create Issue for Test failure - if: failure() + + issue_creation: + name: Create issue on failure + runs-on: ubuntu-latest + permissions: + issues: write + needs: test + if: failure() + steps: + - name: Download a single artifact + uses: actions/download-artifact@v3 + with: + name: test-report + - name: Create the issue uses: peter-evans/create-issue-from-file@v4 with: title: Test failure - content-filepath: out/test.log + content-filepath: test.log labels: | report automated issue
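Review bot: `permissions: read-all` at the top of build_master.yml still gives the token read access to every scope, which is wider than a build job usually needs; the same line is added in build_pr.yml and test_master.yml. The job steps are outside these hunks, so this needs confirming, but if the build and test jobs only check out the repository then the tighter form is a `permissions:` mapping with the single entry `contents: read`. An alternative is `permissions: {}` at workflow level, with each job declaring exactly the scopes it uses. The jobs that already carry their own `permissions:` block are unaffected either way, since a job-level block replaces the workflow-level one.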
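Review bot: The publishing job in build_master.yml now runs with a `contents: write` token, but the action visible in its steps is referenced by a movable tag (`actions/download-artifact@v3`), so whatever the tag points to executes with that write scope. Pinning to a full commit SHA, e.g. `uses: actions/download-artifact@<full-commit-sha> # v3`, keeps the code that receives the token fixed. The same applies to the `issue_creation` job in test_master.yml, where `peter-evans/create-issue-from-file@v4` runs with `issues: write`. The rest of the publishing steps are outside the hunk; a short comment above `contents: write` naming the step that needs it would help the next reviewer keep the grant minimal.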
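Review bot: The new `issue_creation` job in test_master.yml depends on the `test-report` artifact existing when the `test` job has failed, but the condition on the upload step is outside the hunk. If that step has no `if: always()` (or `if: failure()`), a failing test step skips the upload, the download here fails, and no issue is created. The old in-job step avoided this by reading `out/test.log` straight from disk. Please confirm the upload step carries `if: always()`. A comment above `content-filepath: test.log` would also help, noting that the artifact is a single file and so unpacks into the working directory without the `out/` prefix.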