Merge pull request #1045 from atsign-foundation/cpswan-workflow-fixes

.github/workflows/python-sshnpd-build-publish.yml

@@ -7,6 +7,8 @@ on:
       - 'p*.*.*'
     branches:
       - trunk
+    paths:
+      - 'packages/python/sshnpd/**'
 
 permissions:  # added using https://github.com/step-security/secure-repo
   contents: read
@@ -27,13 +29,14 @@ jobs:
     - name: Install Poetry
       uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 # v3.0.0
       with:
-        poetry-version: '1.8.2'
+        poetry-version: '1.8.3'
 
     # The dark mode and light mode Atsign logos in the GitHub README don't
     # show properly on PyPI so we have a copy of the README.md in
     # README.PyPI.md with just the light mode logo.
     # This step checks that we don't have drift between the docs.
     - name: Check that READMEs are in sync
+      working-directory: packages/python/sshnpd
       run: |
         diff <(tail -n +2 README.md) <(tail -n +2 README.PyPI.md)
 

.github/workflows/python_tests.yaml

@@ -4,6 +4,9 @@ on:
     paths:
       - 'packages/python/**'
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   ruff:
     runs-on: ubuntu-latest

.github/workflows/update_python_requirements.yml

@@ -5,13 +5,16 @@ on:
       - 'packages/python/sshnpd/pyproject.toml'
   workflow_dispatch:
 
-permissions:
-  pull-requests: write
+# Declare default permissions as read only.
+permissions: read-all
 
 jobs:
   bump_requirements:
     runs-on: ubuntu-latest
 
+    permissions:
+      pull-requests: write
+
     steps:
     - name: Checkout this repo
       if: ${{ github.actor == 'dependabot[bot]' }}
@@ -31,7 +34,7 @@ jobs:
       if: ${{ github.actor == 'dependabot[bot]' }}
       uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 # v3.0.0
       with:
-        poetry-version: '1.8.2'
+        poetry-version: '1.8.3'
 
     - name: Bump sshnpd Python dependencies
       working-directory: packages/python/sshnpd