Skip to content

Commit 0773267

Browse files
guitarrapcguitarrapc
committed
ci: fix ghalint
1 parent e9b673c commit 0773267

File tree

3 files changed

+52
-12
lines changed

3 files changed

+52
-12
lines changed

.github/workflows/build-natives.yml renamed to .github/workflows/build-natives.yaml

Lines changed: 39 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,8 @@ jobs:
4040
build-win-x64:
4141
name: Build Native library (win-x64)
4242
if: ${{ !inputs.build-only-linux }}
43+
permissions:
44+
contents: read
4345
runs-on: windows-2022
4446
timeout-minutes: 30
4547
defaults:
@@ -62,6 +64,8 @@ jobs:
6264
build-win-arm64:
6365
name: Build Native library (win-arm64)
6466
if: ${{ !inputs.build-only-linux }}
67+
permissions:
68+
contents: read
6569
runs-on: windows-2022
6670
timeout-minutes: 30
6771
defaults:
@@ -87,6 +91,8 @@ jobs:
8791
build-win-arm64-uwp:
8892
name: Build Native library (win-arm64-uwp)
8993
if: ${{ !inputs.build-only-linux }}
94+
permissions:
95+
contents: read
9096
runs-on: windows-2022
9197
timeout-minutes: 30
9298
defaults:
@@ -113,6 +119,8 @@ jobs:
113119

114120
build-linux-x64:
115121
name: Build Native library (linux-x64)
122+
permissions:
123+
contents: read
116124
runs-on: ubuntu-24.04
117125
container:
118126
# Needs to lock glibc version to 2.31 (Issue #30)
@@ -149,7 +157,7 @@ jobs:
149157
- uses: Cysharp/Actions/.github/actions/setup-dotnet@main
150158
with:
151159
dotnet-version: 8.0.x
152-
- uses: actions-rust-lang/setup-rust-toolchain@v1
160+
- uses: actions-rust-lang/setup-rust-toolchain@9d7e65c320fdb52dcd45ffaa68deb6c02c8754d9 # v1.12.0
153161
- run: cargo build --target x86_64-unknown-linux-gnu --profile ${{ env._RUST_BUILD_CONFIG == 'debug' && 'dev' || env._RUST_BUILD_CONFIG }}
154162
- uses: Cysharp/Actions/.github/actions/upload-artifact@main
155163
with:
@@ -164,6 +172,8 @@ jobs:
164172
build-osx-x64:
165173
name: Build Native library (osx-x64)
166174
if: ${{ !inputs.build-only-linux }}
175+
permissions:
176+
contents: read
167177
runs-on: macos-13 # Intel
168178
timeout-minutes: 30
169179
defaults:
@@ -187,7 +197,9 @@ jobs:
187197
build-osx-arm64:
188198
name: Build Native library (osx-arm64)
189199
if: ${{ !inputs.build-only-linux }}
190-
runs-on: macos-latest # Apple Silicon
200+
permissions:
201+
contents: read
202+
runs-on: macos-15 # Apple Silicon
191203
timeout-minutes: 30
192204
defaults:
193205
run:
@@ -210,7 +222,9 @@ jobs:
210222
name: Build Native library (osx-universal)
211223
if: ${{ !inputs.build-only-linux }}
212224
needs: [ build-osx-x64, build-osx-arm64 ]
213-
runs-on: macos-latest
225+
permissions:
226+
contents: read
227+
runs-on: macos-15
214228
timeout-minutes: 30
215229
steps:
216230
- uses: Cysharp/Actions/.github/actions/checkout@main
@@ -227,7 +241,9 @@ jobs:
227241
build-ios-x64:
228242
name: Build Native library (ios-x64)
229243
if: ${{ !inputs.build-only-linux }}
230-
runs-on: macos-latest
244+
permissions:
245+
contents: read
246+
runs-on: macos-15
231247
timeout-minutes: 30
232248
defaults:
233249
run:
@@ -245,7 +261,9 @@ jobs:
245261
build-ios-arm64:
246262
name: Build Native library (ios-arm64)
247263
if: ${{ !inputs.build-only-linux }}
248-
runs-on: macos-latest
264+
permissions:
265+
contents: read
266+
runs-on: macos-15
249267
timeout-minutes: 30
250268
defaults:
251269
run:
@@ -263,7 +281,9 @@ jobs:
263281
build-android-arm:
264282
name: Build Native library (android-arm)
265283
if: ${{ !inputs.build-only-linux }}
266-
runs-on: ubuntu-latest
284+
permissions:
285+
contents: read
286+
runs-on: ubuntu-24.04
267287
timeout-minutes: 30
268288
defaults:
269289
run:
@@ -288,7 +308,9 @@ jobs:
288308
build-android-arm64:
289309
name: Build Native library (android-arm64)
290310
if: ${{ !inputs.build-only-linux }}
291-
runs-on: ubuntu-latest
311+
permissions:
312+
contents: read
313+
runs-on: ubuntu-24.04
292314
timeout-minutes: 30
293315
defaults:
294316
run:
@@ -313,7 +335,9 @@ jobs:
313335
build-android-x64:
314336
name: Build Native library (android-x64)
315337
if: ${{ !inputs.build-only-linux }}
316-
runs-on: ubuntu-latest
338+
permissions:
339+
contents: read
340+
runs-on: ubuntu-24.04
317341
timeout-minutes: 30
318342
defaults:
319343
run:
@@ -351,7 +375,10 @@ jobs:
351375
- build-android-arm
352376
- build-android-arm64
353377
- build-android-x64
354-
runs-on: ubuntu-latest
378+
permissions:
379+
contents: read
380+
runs-on: ubuntu-24.04
381+
timeout-minutes: 30
355382
steps:
356383
- uses: Cysharp/Actions/.github/actions/checkout@main
357384
- uses: Cysharp/Actions/.github/actions/download-artifact@main
@@ -370,7 +397,9 @@ jobs:
370397
name: Update pre-built libraries for Unity
371398
if: ${{ inputs.update-unity-native && (inputs.build-only-linux && needs.build-dotnet.result == 'success' || success()) }}
372399
needs: [ build-dotnet ]
373-
runs-on: ubuntu-latest
400+
permissions:
401+
contents: read
402+
runs-on: ubuntu-24.04
374403
timeout-minutes: 15
375404
steps:
376405
- uses: Cysharp/Actions/.github/actions/checkout@main

.github/workflows/build-push-and-pr.yml renamed to .github/workflows/build-push-and-pr.yaml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,15 +19,20 @@ env:
1919
jobs:
2020
run-build:
2121
name: Build Libraries
22+
permissions:
23+
contents: read
2224
uses: ./.github/workflows/build-natives.yml
2325
with:
2426
build-config: debug
2527
build-only-linux: false
2628
update-unity-native: false
29+
2730
build-unity:
2831
name: Build Unity package
2932
if: ${{ (github.event_name == 'push' && github.repository_owner == 'Cysharp') || startsWith(github.event.pull_request.head.label, 'Cysharp:') }}
30-
runs-on: ubuntu-latest
33+
permissions:
34+
contents: read
35+
runs-on: ubuntu-24.04
3136
timeout-minutes: 15
3237
steps:
3338
- name: Load secrets

.github/workflows/build-release.yml renamed to .github/workflows/build-release.yaml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ on:
1515
jobs:
1616
update-packagejson:
1717
name: Update package.json
18+
permissions:
19+
contents: read
1820
uses: Cysharp/Actions/.github/workflows/update-packagejson.yaml@main
1921
with:
2022
file-path: ./src/YetAnotherHttpHandler/package.json
@@ -26,6 +28,8 @@ jobs:
2628
create-release:
2729
name: Create Release
2830
needs: [update-packagejson]
31+
permissions:
32+
contents: write
2933
uses: Cysharp/Actions/.github/workflows/create-release.yaml@main
3034
with:
3135
commit-id: ${{ needs.update-packagejson.outputs.sha }}
@@ -40,6 +44,8 @@ jobs:
4044
name: Cleanup package.json branch
4145
if: ${{ needs.update-packagejson.outputs.is-branch-created == 'true' }}
4246
needs: [update-packagejson]
47+
permissions:
48+
contents: write
4349
uses: Cysharp/Actions/.github/workflows/clean-packagejson-branch.yaml@main
4450
with:
45-
branch: ${{ needs.update-packagejson.outputs.branch-name }}
51+
branch: ${{ needs.update-packagejson.outputs.branch-name }}

0 commit comments

Comments
 (0)