diff --git a/.github/workflows/cron-nightly-rust.yml b/.github/workflows/cron-nightly-rust.yml
index 746439844..ddc3dc751 100644
--- a/.github/workflows/cron-nightly-rust.yml
+++ b/.github/workflows/cron-nightly-rust.yml
@@ -1,10 +1,15 @@
 name: Update nightly Rust
+
 on: schedule: - cron: "29 17 1 * *" # At 17:29 on day-of-month 1. workflow_dispatch: # allows manual triggering
+
 env: CARGO_TERM_COLOR: always
+
+permissions: {}
+
 jobs: format: name: Update nightly Rustc
diff --git a/.github/workflows/cron-zizmor.yml b/.github/workflows/cron-zizmor.yml
index b6e06bd57..07dde55e9 100644
--- a/.github/workflows/cron-zizmor.yml
+++ b/.github/workflows/cron-zizmor.yml
@@ -4,6 +4,8 @@ on: schedule: - cron: "0 0 * * *" # Run every day at midnight
+permissions: {}
+
 jobs: zizmor: name: zizmor latest via PyPI
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
index 51e68839a..226d41d32 100644
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@@ -25,6 +25,8 @@ env:
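Review bot: With `permissions: {}` at workflow level, the `format` job ("Update nightly Rustc") receives a GITHUB_TOKEN with no scopes unless it declares its own `permissions:` block, and its body lies outside this hunk, so that cannot be confirmed from here. If the job pushes a branch or opens a pull request with the default token, it needs a job-level grant such as `permissions:` with `contents: write` and `pull-requests: write`; the same question applies to the `update` job in dependencies.yml, and any job that checks out a private repository needs at least `contents: read`. Of the workflows touched by this commit, only prover.yml's `eval_perf` visibly carries a job-level `permissions:` key. Because this workflow runs on a monthly cron, a token failure would surface late, so a manual `workflow_dispatch` run before merging would confirm the job still works.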

+permissions: {}
+
 jobs: update: name: Update
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index ee92e1a54..d2873518d 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -9,6 +9,8 @@ on: env: CARGO_TERM_COLOR: always
+permissions: {}
+
 jobs: docs: name: Generate docs
diff --git a/.github/workflows/functional.yml b/.github/workflows/functional.yml
index 6749ad792..3f9df5f63 100644
--- a/.github/workflows/functional.yml
+++ b/.github/workflows/functional.yml
@@ -8,6 +8,9 @@ on: env: CARGO_TERM_COLOR: always
+
+permissions: {}
+
 jobs: lint: name: Lint test files
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 8ac3c1298..a7cde9b99 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -13,6 +13,8 @@ env: RUST_LOG: debug RUST_BACKTRACE: full
+permissions: {}
+
 jobs: test: name: Run integration tests and generate report
diff --git a/.github/workflows/lint-actions.yml b/.github/workflows/lint-actions.yml
index f15a15311..13e062dc8 100644
--- a/.github/workflows/lint-actions.yml
+++ b/.github/workflows/lint-actions.yml
@@ -1,4 +1,5 @@
 name: Lint GitHub Actions workflows
+
 on: pull_request: paths:
@@ -8,6 +9,8 @@ on: paths: - ".github/**"
+permissions: {}
+
 jobs: actionlint: runs-on: ubuntu-latest
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index be255e027..b39e1c38f 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -9,6 +9,8 @@ on: env: CARGO_TERM_COLOR: always
+permissions: {}
+
 jobs: clippy: name: Run clippy on crates
diff --git a/.github/workflows/mutants.yml b/.github/workflows/mutants.yml
index a3a248e4b..08edd691e 100644
--- a/.github/workflows/mutants.yml
+++ b/.github/workflows/mutants.yml
@@ -13,6 +13,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.run_id }} cancel-in-progress: true
+permissions: {}
+
 jobs: mutants-test: name: Generate mutants on diff against default branch and test
diff --git a/.github/workflows/prover.yml b/.github/workflows/prover.yml
index 592416b16..9eb41517f 100644
--- a/.github/workflows/prover.yml
+++ b/.github/workflows/prover.yml
@@ -6,6 +6,8 @@ on: push: branches: [main]
+permissions: {}
+
 jobs: eval_perf: permissions:
@@ -59,4 +61,3 @@ jobs: working-directory: provers/perf env: RUSTFLAGS: "-C target-cpu=native -C link-arg=-fuse-ld=lld"
-
diff --git a/.github/workflows/security.yml.disabled b/.github/workflows/security.yml.disabled
index f9cabc10b..0e90b0cfe 100644
--- a/.github/workflows/security.yml.disabled
+++ b/.github/workflows/security.yml.disabled
@@ -9,6 +9,8 @@ on: env: CARGO_TERM_COLOR: always
+permissions: {}
+
 jobs: supply-chain: name: Run `cargo-audit`
diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml
index d6676c557..7edd81f12 100644
--- a/.github/workflows/unit.yml
+++ b/.github/workflows/unit.yml
@@ -15,6 +15,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true
+permissions: {}
+
 jobs: test: name: Run unit tests and generate report
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index db7d88c32..00a5800a2 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -4,6 +4,8 @@ on: pull_request: branches: ["**"]
+permissions: {}
+
 jobs: zizmor: name: zizmor latest via PyPI
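Review bot: In prover.yml the new workflow-level `permissions: {}` sits a few lines above `eval_perf`'s own `permissions:` key, and nothing in the file says how the two interact. A job-level block replaces the workflow-level setting for that job rather than merging with it, so `eval_perf` keeps exactly the scopes it lists (those lines are outside the hunk), while any job added later without a block gets a token with no scopes. A one-line comment above the new key would make that intent explicit, for example `# Default-deny: every job must declare the GITHUB_TOKEN scopes it needs.`; the same comment fits the other workflow files touched by this commit.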