From cf16eafc175a738c60bbfac9051025399d061bb4 Mon Sep 17 00:00:00 2001 From: Phoebus Mak Date: Mon, 23 Feb 2026 14:24:21 +0000 Subject: [PATCH] Fix GH token warning in persistence storage --- .github/workflows/build.yml | 14 ++++++++------ .github/workflows/persistent_storage.yml | 3 +++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2d4c4d79a9a..e769b86e879 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -216,6 +216,7 @@ jobs: name: Cleanup persistent storages uses: ./.github/workflows/persistent_storage.yml secrets: inherit + permissions: {contents: read} with: job_type: cleanup persistent_storage: ${{ needs.storage_type.outputs.storage }} @@ -235,7 +236,7 @@ jobs: name: Seed Persistent Storage for 3.${{matrix.python3}} Linux with ${{ matrix.arcticdb_version }} ArcticDB package version uses: ./.github/workflows/persistent_storage.yml secrets: inherit - permissions: {packages: write} + permissions: {contents: read} with: job_type: seed python3: ${{matrix.python3}} @@ -260,7 +261,7 @@ jobs: name: Seed Persistent Storage for 3.${{matrix.python3}} Windows with ${{ matrix.arcticdb_version }} ArcticDB package version uses: ./.github/workflows/persistent_storage.yml secrets: inherit - permissions: {packages: write} + permissions: {contents: read} with: job_type: seed python3: ${{matrix.python3}} @@ -284,7 +285,7 @@ jobs: name: Seed Persistent Storage for 3.${{matrix.python3}} MacOS with ${{ matrix.arcticdb_version }} ArcticDB package version uses: ./.github/workflows/persistent_storage.yml secrets: inherit - permissions: {packages: write} + permissions: {contents: read} with: job_type: seed python3: ${{matrix.python3}} @@ -410,7 +411,7 @@ jobs: name: Verify Persistent Storage for 3.${{matrix.python3}} Linux with ${{ matrix.arcticdb_version }} ArcticDB package version uses: ./.github/workflows/persistent_storage.yml secrets: inherit - permissions: {packages: write} + permissions: {contents: read} with: job_type: verify python3: ${{matrix.python3}} @@ -434,7 +435,7 @@ jobs: name: Verify Persistent Storage for 3.${{matrix.python3}} Windows with ${{ matrix.arcticdb_version }} ArcticDB package version uses: ./.github/workflows/persistent_storage.yml secrets: inherit - permissions: {packages: write} + permissions: {contents: read} with: job_type: verify python3: ${{matrix.python3}} @@ -486,7 +487,7 @@ jobs: name: Verify Persistent Storage for 3.${{matrix.python3}} MacOS with ${{ matrix.arcticdb_version }} ArcticDB package version uses: ./.github/workflows/persistent_storage.yml secrets: inherit - permissions: {packages: write} + permissions: {contents: read} with: job_type: verify python3: ${{matrix.python3}} @@ -501,6 +502,7 @@ jobs: name: Cleanup persistent storages uses: ./.github/workflows/persistent_storage.yml secrets: inherit + permissions: {contents: read} with: job_type: cleanup persistent_storage: ${{ needs.storage_type.outputs.storage }} diff --git a/.github/workflows/persistent_storage.yml b/.github/workflows/persistent_storage.yml index d4b394f5887..688a714c622 100644 --- a/.github/workflows/persistent_storage.yml +++ b/.github/workflows/persistent_storage.yml @@ -9,6 +9,9 @@ on: arcticdb_version: {default: "", type: string, description: The version of ArcticDB that will be installed and used for seed/verify } persistent_storage: {required: true, default: "no", type: string, description: Specifies whether the python tests should tests against real storages e.g. AWS S3 } +permissions: + contents: read + jobs: setup: if: inputs.job_type != 'cleanup'