Skip to content

Set default workflow permissions #867

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Set default workflow permissions #867

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion .github/workflows/ci-build-checks.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@
# https://github.com/tensorflow/quantum/actions/workflows/ci-build-checks.yaml
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

name: CI build checks

Check warning on line 10 in .github/workflows/ci-build-checks.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

10:1 [document-start] missing document start "---"
run-name: Continuous integration build & test

on:

Check warning on line 13 in .github/workflows/ci-build-checks.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

13:1 [truthy] truthy value should be one of [false, true]
pull_request:
types: [opened, synchronize]
branches:
Expand Down Expand Up @@ -85,11 +85,14 @@
^\.github/problem-matchers/.*
^benchmarks/.*

# Cancel any previously-started but still active runs on the same branch.
concurrency:
# Cancel any previously-started but still active runs on the same branch.
cancel-in-progress: true
group: ${{github.workflow}}-${{github.event.pull_request.number||github.ref}}

# Declare default permissions as read-only.
permissions: read-all

jobs:
# Summary of basic strategy:
# 1. Job "Decision" quickly determines if the rest of the workflow needs
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/ci-file-checks.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,10 @@
# https://github.com/tensorflow/quantum/actions/workflows/ci-file-checks.yaml
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

name: CI file checks

Check warning on line 15 in .github/workflows/ci-file-checks.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

15:1 [document-start] missing document start "---"
run-name: Continuous integration file checks

on:

Check warning on line 18 in .github/workflows/ci-file-checks.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

18:1 [truthy] truthy value should be one of [false, true]
pull_request:
types: [opened, synchronize]
branches:
Expand Down Expand Up @@ -65,11 +65,14 @@
# GitHub, and you have to use Ubuntu 24 to get it.
clang_format_ver: '18'

# Cancel any previously-started but still active runs on the same branch.
concurrency:
# Cancel any previously-started but still active runs on the same branch.
cancel-in-progress: true
group: ${{github.workflow}}-${{github.event.pull_request.number||github.ref}}

# Declare default permissions as read-only.
permissions: read-all

jobs:
Changes:
runs-on: ubuntu-24.04
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/ci-nightly-build-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@
# https://github.com/tensorflow/quantum/actions/workflows/ci-build-checks.yaml
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

name: CI nightly full test

Check warning on line 17 in .github/workflows/ci-nightly-build-test.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

17:1 [document-start] missing document start "---"
run-name: Continuous integration nightly build & test

on:

Check warning on line 20 in .github/workflows/ci-nightly-build-test.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

20:1 [truthy] truthy value should be one of [false, true]
schedule:
- cron: "15 6 * * *"

Expand Down Expand Up @@ -49,11 +49,14 @@
test --test_timeout=6000
test --test_verbose_timeout_warnings

# Cancel any previously-started but still active runs on the same branch.
concurrency:
# Cancel any previously-started but still active runs on the same branch.
cancel-in-progress: true
group: ${{github.workflow}}-${{github.event.pull_request.number||github.ref}}

# Declare default permissions as read-only.
permissions: read-all

jobs:
Decision:
runs-on: ubuntu-24.04
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/ci-nightly-cirq-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,10 @@
# options for overridding some of the parameters for the run.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

name: CI nightly Cirq compatibility test

Check warning on line 12 in .github/workflows/ci-nightly-cirq-test.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

12:1 [document-start] missing document start "---"
run-name: Continuous integration Cirq compatibility test

on:

Check warning on line 15 in .github/workflows/ci-nightly-cirq-test.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

15:1 [truthy] truthy value should be one of [false, true]
schedule:
- cron: "10 7 * * *"

Expand Down Expand Up @@ -64,11 +64,14 @@
build --verbose_failures
test --test_timeout=3000

# Cancel any previously-started but still active runs on the same branch.
concurrency:
# Cancel any previously-started but still active runs on the same branch.
cancel-in-progress: true
group: ${{github.workflow}}-${{github.event.pull_request.number||github.ref}}

# Declare default permissions as read-only.
permissions: read-all

jobs:
test-compatibility:
name: Run TFQ tests
Expand Down Expand Up @@ -99,13 +102,13 @@
# If we didn't get a cache hit on the installed Python environment,
# something's changed, and we want to make sure to re-run all tests.
if [[ "${{steps.python.outputs.cache-hit}}" == "true"
&& "${{github.event.inputs.cache_bazel_tests}}" != "false" ]]; then

Check failure on line 105 in .github/workflows/ci-nightly-cirq-test.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

105:81 [line-length] line too long (84 > 80 characters)
echo "cache_bazel_tests=auto" >> "$GITHUB_ENV"
else
echo "cache_bazel_tests=no" >> "$GITHUB_ENV"
fi
# Use the disk cache unless told not to.
if [[ "${{github.event.inputs.use_bazel_disk_cache}}" != "false" ]]; then

Check failure on line 111 in .github/workflows/ci-nightly-cirq-test.yaml

View workflow job for this annotation

GitHub Actions / YAML lint 

111:81 [line-length] line too long (83 > 80 characters)
echo "use_bazel_disk_cache=true" >> "$GITHUB_ENV"
else
echo "use_bazel_disk_cache=false" >> "$GITHUB_ENV"
Expand Down
Loading