kate/BadFish
1
0
Fork 0
mirror of https://github.com/sockspls/badfish synced 2025-05-01 17:19:36 +00:00
Code Issues Releases Wiki Activity

Use explicit action permissions in CI

Browse source 
Necessary modifications according to changes in the GitHub Action settings.

closes https://github.com/official-stockfish/Stockfish/pull/5437

Follow up from the report by Yaron Avital (yaronav) earlier.

No functional change
This commit is contained in:
Disservin 2024-07-03 14:07:48 +02:00 committed by Joost VandeVondele
parent ee6fc7e38b
commit 74a8fc0604
2 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.github/workflows/stockfish.yml vendored
View file

@ -15,6 +15,8 @@ jobs:
Prerelease: Prerelease:
if: github.repository == 'official-stockfish/Stockfish' && (github.ref == 'refs/heads/master' || (startsWith(github.ref_name, 'sf_') && github.ref_type == 'tag')) if: github.repository == 'official-stockfish/Stockfish' && (github.ref == 'refs/heads/master' || (startsWith(github.ref_name, 'sf_') && github.ref_type == 'tag'))
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write # For deleting/creating a prerelease
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
@ -104,9 +106,17 @@ jobs:
uses: ./.github/workflows/upload_binaries.yml uses: ./.github/workflows/upload_binaries.yml
with: with:
matrix: ${{ needs.Matrix.outputs.matrix }} matrix: ${{ needs.Matrix.outputs.matrix }}
permissions:
contents: write # For deleting/creating a (pre)release
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
ARM_Binaries: ARM_Binaries:
if: github.repository == 'official-stockfish/Stockfish' if: github.repository == 'official-stockfish/Stockfish'
needs: [Matrix, Prerelease, ARMCompilation] needs: [Matrix, Prerelease, ARMCompilation]
uses: ./.github/workflows/upload_binaries.yml uses: ./.github/workflows/upload_binaries.yml
with: with:
matrix: ${{ needs.Matrix.outputs.arm_matrix }} matrix: ${{ needs.Matrix.outputs.arm_matrix }}
permissions:
contents: write # For deleting/creating a (pre)release
secrets:
token: ${{ secrets.GITHUB_TOKEN }}

5
.github/workflows/upload_binaries.yml vendored
View file

@ -5,6 +5,9 @@ on:
matrix: matrix:
type: string type: string
required: true required: true
secrets:
token:
required: true
jobs: jobs:
Artifacts: Artifacts:
@ -80,6 +83,7 @@ jobs:
uses: softprops/action-gh-release@4634c16e79c963813287e889244c50009e7f0981 uses: softprops/action-gh-release@4634c16e79c963813287e889244c50009e7f0981
with: with:
files: stockfish-${{ matrix.config.simple_name }}-${{ matrix.binaries }}.${{ matrix.config.archive_ext }} files: stockfish-${{ matrix.config.simple_name }}-${{ matrix.binaries }}.${{ matrix.config.archive_ext }}
token: ${{ secrets.token }}
- name: Get last commit sha - name: Get last commit sha
id: last_commit id: last_commit
@ -106,3 +110,4 @@ jobs:
tag_name: stockfish-dev-${{ env.COMMIT_DATE }}-${{ env.COMMIT_SHA }} tag_name: stockfish-dev-${{ env.COMMIT_DATE }}-${{ env.COMMIT_SHA }}
prerelease: true prerelease: true
files: stockfish-${{ matrix.config.simple_name }}-${{ matrix.binaries }}.${{ matrix.config.archive_ext }} files: stockfish-${{ matrix.config.simple_name }}-${{ matrix.binaries }}.${{ matrix.config.archive_ext }}
token: ${{ secrets.token }}