You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@arrow.apache.org by li...@apache.org on 2022/10/04 21:14:32 UTC
[arrow-adbc] branch main updated: ci: update action versions, restrict token scopes (#146)
This is an automated email from the ASF dual-hosted git repository.
lidavidm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-adbc.git
The following commit(s) were added to refs/heads/main by this push:
new 1f04ed8 ci: update action versions, restrict token scopes (#146)
1f04ed8 is described below
commit 1f04ed8b4093be32773eb159e14ccee8ec463dd7
Author: David Li <li...@gmail.com>
AuthorDate: Tue Oct 4 17:14:27 2022 -0400
ci: update action versions, restrict token scopes (#146)
---
.github/workflows/cpp.yml | 3 +++
.github/workflows/dev.yml | 5 ++++-
.github/workflows/dev_pr.yml | 6 +++++-
.github/workflows/dev_pr/title_check.js | 6 +++---
.github/workflows/go.yml | 3 +++
.github/workflows/java.yml | 3 +++
6 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/cpp.yml b/.github/workflows/cpp.yml
index 22e1f08..25f32e1 100644
--- a/.github/workflows/cpp.yml
+++ b/.github/workflows/cpp.yml
@@ -39,6 +39,9 @@ concurrency:
group: ${{ github.repository }}-${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
+permissions:
+ contents: read
+
jobs:
cpp-conda-unix:
name: "Conda/${{ matrix.os }}"
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index 4fbed71..3acb30f 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -25,6 +25,9 @@ concurrency:
group: ${{ github.repository }}-${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
+permissions:
+ contents: read
+
jobs:
pre-commit:
name: "pre-commit"
@@ -38,7 +41,7 @@ jobs:
with:
go-version-file: 'go/adbc/go.mod'
check-latest: true
- - uses: actions/setup-python@v2
+ - uses: actions/setup-python@v4
- name: install golangci-lint
run: |
go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.49.0
diff --git a/.github/workflows/dev_pr.yml b/.github/workflows/dev_pr.yml
index f7e0244..ad629df 100644
--- a/.github/workflows/dev_pr.yml
+++ b/.github/workflows/dev_pr.yml
@@ -24,6 +24,10 @@ on:
- edited
- synchronize
+permissions:
+ contents: read
+ pull-requests: write
+
jobs:
process:
name: Process
@@ -38,7 +42,7 @@ jobs:
github.event_name == 'pull_request_target' &&
(github.event.action == 'opened' ||
github.event.action == 'edited')
- uses: actions/github-script@v3
+ uses: actions/github-script@v6
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
diff --git a/.github/workflows/dev_pr/title_check.js b/.github/workflows/dev_pr/title_check.js
index fd0cc76..2f9f1c2 100644
--- a/.github/workflows/dev_pr/title_check.js
+++ b/.github/workflows/dev_pr/title_check.js
@@ -33,7 +33,7 @@ const COMMENT_BODY = ":warning: Please follow the [Conventional Commits format i
function matchesCommitFormat(title) {
const commitType = `(${COMMIT_TYPES.join('|')})`;
- const scope = "\\([a-zA-Z0-9_/\\-,]+\\)?";
+ const scope = "(\\([a-zA-Z0-9_/\\-,]+\\))?";
const delimiter = "!?:";
const subject = " .+";
const regexp = new RegExp(`^${commitType}${scope}${delimiter}${subject}$`);
@@ -41,7 +41,7 @@ function matchesCommitFormat(title) {
}
async function commentCommitFormat(github, context, pullRequestNumber) {
- const {data: comments} = await github.issues.listComments({
+ const {data: comments} = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pullRequestNumber,
@@ -57,7 +57,7 @@ async function commentCommitFormat(github, context, pullRequestNumber) {
}
if (!found) {
- await github.issues.createComment({
+ await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pullRequestNumber,
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 303b6b7..dc2cc9c 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -33,6 +33,9 @@ on:
- "go/adbc/**"
- ".github/workflows/go.yml"
+permissions:
+ contents: read
+
concurrency:
group: ${{ github.repository }}-${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
diff --git a/.github/workflows/java.yml b/.github/workflows/java.yml
index c823639..bc18594 100644
--- a/.github/workflows/java.yml
+++ b/.github/workflows/java.yml
@@ -33,6 +33,9 @@ concurrency:
group: ${{ github.repository }}-${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
+permissions:
+ contents: read
+
jobs:
java:
name: "Java ${{ matrix.java }}/Linux"