
explicitly zero out perms

Signed-off-by: Alex Meijer <alexander.meijer@ibm.com>
Alex Meijer 1 năm trước cách đây
mục cha
commit
699b63e22d
1 tập tin đã thay đổi với 7 bổ sung0 xóa
  1. 7 0
      .github/workflows/integration-testing.yaml

+ 7 - 0
.github/workflows/integration-testing.yaml

@@ -19,6 +19,7 @@ concurrency:
 jobs:
     check_actor_permissions:
         runs-on: ubuntu-latest
+        permissions: {}
         outputs:
             ismaintainer: ${{ steps.check_permissions.outputs.ismaintainer }}
         steps:
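Review bot: `permissions: {}` on check_actor_permissions leaves the job's GITHUB_TOKEN with no scopes, yet the script tail at the top of the next hunk (`core.setOutput('ismaintainer', ...)`) suggests a github-script step that may query the API with that token. The steps themselves are outside this hunk, so this is inferred; if the lookup does use GITHUB_TOKEN, confirm it still succeeds, because its result feeds the `ismaintainer == 'true'` / `'false'` gates on noop-tests and wait_for_image_ready. The same concern applies to set-labels in the last hunk, whose `label integration tests failing` step presumably writes to the pull request. If that step relies on GITHUB_TOKEN, grant only the scope it needs instead of an empty map, e.g. `pull-requests: write` (or `issues: write`, depending on the API it calls). Where empty really is correct, a short comment such as `# job makes no GITHUB_TOKEN API calls` next to the key would record why.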
@@ -43,6 +44,7 @@ jobs:
                 core.setOutput('ismaintainer', isActorMaintainer.toString());
     noop-tests:
         needs: check_actor_permissions
+        permissions: {}
         runs-on: Kubecost-Linux-Small-x86
         if: ${{ always() && !cancelled() && github.event_name != 'merge_group' && github.ref != 'refs/heads/develop' && needs.check_actor_permissions.outputs.ismaintainer == 'false' }}
         outputs:
@@ -55,6 +57,7 @@ jobs:
               echo "is_noop=true" >> $GITHUB_OUTPUT
     wait_for_image_ready:
         runs-on: ubuntu-latest
+        permissions: {}
         needs: check_actor_permissions
         if: ${{ (always() && !cancelled()) && ( github.event_name == 'merge_group' || github.ref != 'refs/heads/develop'  || needs.check_actor_permissions.outputs.ismaintainer == 'true') }}
         outputs:
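Review bot: Seven jobs get a job-level `permissions: {}`, but build-test-stack and wait-for-dns, both named in the `needs` list of run-tests in the next hunk, receive no such line in this commit. Whether they already declare permissions is not visible here; if they do not, they keep the repository or organisation default token scopes. A single workflow-level `permissions: {}` placed above `jobs:` would make the empty set the default for every job, including ones added later. Jobs that need a scope could then opt in individually.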
@@ -140,6 +143,7 @@ jobs:
               echo "DNS resolved successfully for ${{ needs.wait_for_image_ready.outputs.NAMESPACE }}.infra.opencost.io!"
     run-tests:
         needs: [wait_for_image_ready, build-test-stack, wait-for-dns]
+        permissions: {}
         uses: opencost/opencost-infra/.github/workflows/test-stack.yaml@master
         secrets: inherit
         with:
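Review bot: The `permissions: {}` added to run-tests restricts only the GITHUB_TOKEN; `secrets: inherit` on the line below still hands every secret available to this workflow to `test-stack.yaml@master`, which is resolved from a mutable branch ref. To get the least-privilege effect the commit is aiming for, consider pinning the reusable workflow to a full commit SHA and passing only the named secrets it needs instead of `inherit`. Also note that a called workflow cannot raise token permissions above what the caller grants, so if any job inside test-stack.yaml requests a scope (for example `contents: read`), the run is expected to be rejected; that file is not visible here, so verify. The same three points apply to teardown-test-stack in the following hunk, which calls `destroy-stack.yaml@master` with `secrets: inherit`.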
@@ -148,6 +152,7 @@ jobs:
     
     teardown-test-stack:
         needs: [wait_for_image_ready, run-tests]
+        permissions: {}
         uses: opencost/opencost-infra/.github/workflows/destroy-stack.yaml@master
         if: always()
         secrets: inherit 
@@ -156,6 +161,7 @@ jobs:
 
     check-success:
         needs: [noop-tests, run-tests]
+        permissions: {}
         runs-on: ubuntu-latest
         if: ${{ always() }}
         steps:
@@ -177,6 +183,7 @@ jobs:
     set-labels:
       needs: [wait_for_image_ready, run-tests]
       runs-on: ubuntu-latest
+      permissions: {}
       steps:
         - name: label integration tests failing
           if: ${{ always()  && contains(needs.*.result, 'failure') && !cancelled()}}