You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@arrow.apache.org by li...@apache.org on 2022/10/04 21:14:32 UTC

[arrow-adbc] branch main updated: ci: update action versions, restrict token scopes (#146)

This is an automated email from the ASF dual-hosted git repository.

lidavidm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-adbc.git


The following commit(s) were added to refs/heads/main by this push:
     new 1f04ed8  ci: update action versions, restrict token scopes (#146)
1f04ed8 is described below

commit 1f04ed8b4093be32773eb159e14ccee8ec463dd7
Author: David Li <li...@gmail.com>
AuthorDate: Tue Oct 4 17:14:27 2022 -0400

    ci: update action versions, restrict token scopes (#146)
---
 .github/workflows/cpp.yml               | 3 +++
 .github/workflows/dev.yml               | 5 ++++-
 .github/workflows/dev_pr.yml            | 6 +++++-
 .github/workflows/dev_pr/title_check.js | 6 +++---
 .github/workflows/go.yml                | 3 +++
 .github/workflows/java.yml              | 3 +++
 6 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/cpp.yml b/.github/workflows/cpp.yml
index 22e1f08..25f32e1 100644
--- a/.github/workflows/cpp.yml
+++ b/.github/workflows/cpp.yml
@@ -39,6 +39,9 @@ concurrency:
   group: ${{ github.repository }}-${{ github.ref }}-${{ github.workflow }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   cpp-conda-unix:
     name: "Conda/${{ matrix.os }}"
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index 4fbed71..3acb30f 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -25,6 +25,9 @@ concurrency:
   group: ${{ github.repository }}-${{ github.ref }}-${{ github.workflow }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   pre-commit:
     name: "pre-commit"
@@ -38,7 +41,7 @@ jobs:
         with:
           go-version-file: 'go/adbc/go.mod'
           check-latest: true
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
       - name: install golangci-lint
         run: |
           go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.49.0
diff --git a/.github/workflows/dev_pr.yml b/.github/workflows/dev_pr.yml
index f7e0244..ad629df 100644
--- a/.github/workflows/dev_pr.yml
+++ b/.github/workflows/dev_pr.yml
@@ -24,6 +24,10 @@ on:
       - edited
       - synchronize
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   process:
     name: Process
@@ -38,7 +42,7 @@ jobs:
           github.event_name == 'pull_request_target' &&
             (github.event.action == 'opened' ||
              github.event.action == 'edited')
-        uses: actions/github-script@v3
+        uses: actions/github-script@v6
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
diff --git a/.github/workflows/dev_pr/title_check.js b/.github/workflows/dev_pr/title_check.js
index fd0cc76..2f9f1c2 100644
--- a/.github/workflows/dev_pr/title_check.js
+++ b/.github/workflows/dev_pr/title_check.js
@@ -33,7 +33,7 @@ const COMMENT_BODY = ":warning: Please follow the [Conventional Commits format i
 
 function matchesCommitFormat(title) {
     const commitType = `(${COMMIT_TYPES.join('|')})`;
-    const scope = "\\([a-zA-Z0-9_/\\-,]+\\)?";
+    const scope = "(\\([a-zA-Z0-9_/\\-,]+\\))?";
     const delimiter = "!?:";
     const subject = " .+";
     const regexp = new RegExp(`^${commitType}${scope}${delimiter}${subject}$`);
@@ -41,7 +41,7 @@ function matchesCommitFormat(title) {
 }
 
 async function commentCommitFormat(github, context, pullRequestNumber) {
-    const {data: comments} = await github.issues.listComments({
+    const {data: comments} = await github.rest.issues.listComments({
         owner: context.repo.owner,
         repo: context.repo.repo,
         issue_number: pullRequestNumber,
@@ -57,7 +57,7 @@ async function commentCommitFormat(github, context, pullRequestNumber) {
     }
 
     if (!found) {
-        await github.issues.createComment({
+        await github.rest.issues.createComment({
             owner: context.repo.owner,
             repo: context.repo.repo,
             issue_number: pullRequestNumber,
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 303b6b7..dc2cc9c 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -33,6 +33,9 @@ on:
       - "go/adbc/**"
       - ".github/workflows/go.yml"
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.repository }}-${{ github.ref }}-${{ github.workflow }}
   cancel-in-progress: true
diff --git a/.github/workflows/java.yml b/.github/workflows/java.yml
index c823639..bc18594 100644
--- a/.github/workflows/java.yml
+++ b/.github/workflows/java.yml
@@ -33,6 +33,9 @@ concurrency:
   group: ${{ github.repository }}-${{ github.ref }}-${{ github.workflow }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   java:
     name: "Java ${{ matrix.java }}/Linux"