diff --git a/.circleci/config.yml b/.circleci/config.yml index 2b6ef7c642f4..d6da6baa1e97 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -209,4 +209,6 @@ workflows: version: 2 build: jobs: + # NOTE: If you rename this job, then you must update the `if` condition + # and `circleci-jobs` option in `.github/workflows/circleci.yml`. - docs-python38 diff --git a/.github/workflows/cibuildsdist.yml b/.github/workflows/cibuildsdist.yml index 4e1d9085f5be..a71cd642a9b7 100644 --- a/.github/workflows/cibuildsdist.yml +++ b/.github/workflows/cibuildsdist.yml @@ -1,3 +1,4 @@ +--- name: Build CI sdist and wheel on: @@ -17,6 +18,9 @@ on: - reopened - labeled +permissions: + contents: read + jobs: build_sdist: if: | diff --git a/.github/workflows/cibuildwheel.yml b/.github/workflows/cibuildwheel.yml index 8cf83738a32c..825d72580c47 100644 --- a/.github/workflows/cibuildwheel.yml +++ b/.github/workflows/cibuildwheel.yml @@ -1,3 +1,4 @@ +--- name: Build CI wheels on: @@ -17,6 +18,9 @@ on: - reopened - labeled +permissions: + contents: read + jobs: build_wheels: if: | diff --git a/.github/workflows/circleci.yml b/.github/workflows/circleci.yml index 5c1c2c60331f..85e25f9c03ae 100644 --- a/.github/workflows/circleci.yml +++ b/.github/workflows/circleci.yml @@ -1,7 +1,11 @@ +--- on: [status] +permissions: + statuses: write jobs: circleci_artifacts_redirector_job: runs-on: ubuntu-latest + if: "${{ github.event.context == 'ci/circleci: docs-python38' }}" name: Run CircleCI artifacts redirector steps: - name: GitHub Action step @@ -11,3 +15,7 @@ jobs: artifact-path: 0/doc/build/html/index.html circleci-jobs: docs-python38 job-title: View the built docs + - name: Check the URL + if: github.event.status != 'pending' + run: | + curl --fail ${{ steps.step1.outputs.url }} | grep $GITHUB_SHA diff --git a/.github/workflows/clean_pr.yml b/.github/workflows/clean_pr.yml index f807ccf8506c..5ee1279cc7b2 100644 --- a/.github/workflows/clean_pr.yml 
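Review bot: In the added `Check the URL` step of `.github/workflows/circleci.yml`, `${{ steps.step1.outputs.url }}` is expanded into the script text before the shell starts, so any shell metacharacters in that output would be interpreted as commands in a job that holds `statuses: write`. The URL appears to be derived from the commit-status event by the redirector action, which is configured outside this hunk, so it is better handled as untrusted data: add `env:` with `ARTIFACT_URL: ${{ steps.step1.outputs.url }}` to the step and run `curl --fail "$ARTIFACT_URL" | grep "$GITHUB_SHA"`. The step also depends on an `id: step1` that is not visible here, and its `if:` reads `github.event.status`, whereas the status payload as I know it reports `pending` in `state`; both are worth confirming.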
+++ b/.github/workflows/clean_pr.yml @@ -1,6 +1,10 @@ +--- name: PR cleanliness on: [pull_request] +permissions: + contents: read + jobs: pr_clean: runs-on: ubuntu-latest diff --git a/.github/workflows/nightlies.yml b/.github/workflows/nightlies.yml index 48c6e9713a8d..716d0c867aee 100644 --- a/.github/workflows/nightlies.yml +++ b/.github/workflows/nightlies.yml @@ -7,6 +7,9 @@ on: # Run on demand with workflow dispatch workflow_dispatch: +permissions: + actions: read + jobs: upload_nightly_wheels: name: Upload nightly wheels to Anaconda Cloud diff --git a/.github/workflows/pr_welcome.yml b/.github/workflows/pr_welcome.yml index 1e2627c911af..cfac27eb4a88 100644 --- a/.github/workflows/pr_welcome.yml +++ b/.github/workflows/pr_welcome.yml @@ -1,7 +1,11 @@ +--- name: PR Greetings on: [pull_request_target] +permissions: + pull-requests: write + jobs: greeting: runs-on: ubuntu-latest diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml index 4528c39234c9..cd862f11f1d6 100644 --- a/.github/workflows/reviewdog.yml +++ b/.github/workflows/reviewdog.yml @@ -1,6 +1,12 @@ +--- name: Linting on: [pull_request] +permissions: + contents: read + checks: write + pull-requests: write + jobs: flake8: name: flake8 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 08766f006f5b..30f029ac8fff 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,3 +1,4 @@ +--- name: Tests concurrency: group: ${{ github.workflow }}-${{ github.event.number }}-${{ github.event.ref }} 
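Review bot: The `permissions:` block added to `.github/workflows/pr_welcome.yml` grants `pull-requests: write` to a workflow triggered by `pull_request_target`, and nothing in the file records why that is safe. That trigger runs in the base repository's context even for pull requests from forks, so the grant is only safe while the `greeting` job (its steps are outside this hunk) never checks out or executes the pull request's code. I would put that constraint next to the grant, e.g. `# pull_request_target runs with a write token on fork PRs; never check out or run PR code here.`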
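Review bot: The workflow-level `permissions:` added to `.github/workflows/reviewdog.yml` gives `checks: write` and `pull-requests: write` to every job in the file, while only the `flake8` job is visible in this hunk. If some jobs report through only one of those channels, moving the write grants into per-job `permissions:` blocks and leaving `contents: read` at the top keeps each token as small as its job needs. A short comment such as `# checks: write for check-run annotations, pull-requests: write for review comments` would also make later pruning safer.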
@@ -25,6 +26,8 @@ env: jobs: test: if: "github.event_name == 'workflow_dispatch' || github.repository == 'matplotlib/matplotlib' && !contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.head_commit.message, '[skip github]')" + permissions: + contents: read name: "Python ${{ matrix.python-version }} on ${{ matrix.os }} ${{ matrix.name-suffix }}" runs-on: ${{ matrix.os }} @@ -281,9 +284,11 @@ jobs: # Separate dependent job to only upload one issue from the matrix of jobs create-issue: - runs-on: ubuntu-latest - needs: [test] if: ${{ failure() && github.event_name == 'schedule' }} + needs: [test] + permissions: + issues: write + runs-on: ubuntu-latest name: "Create issue on failure" steps: pFad - Phonifier reborn
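Review bot: In `.github/workflows/tests.yml` the new `permissions:` blocks are set per job (`test` and `create-issue`) with no workflow-level default, unlike the other workflows in this commit. A job added to this file later without its own block would fall back to the repository's default token permissions, which may include write scopes. Adding a top-level `permissions:` with `contents: read` and keeping `issues: write` on `create-issue` closes that gap. A job-level block replaces the top-level one rather than extending it, so check whether the `create-issue` steps (outside this hunk) also need `contents: read`.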
