From 30dc4c7b07ec1c877ee7a8b3feb234942eddac0c Mon Sep 17 00:00:00 2001
From: Ryan Cooke
Date: Tue, 3 Dec 2024 11:07:44 +0000
Subject: [PATCH 1/2] Explicitly set GITHUB_TOKEN permissions for yocto workflow
Change-type: patch
Signed-off-by: Ryan Cooke
---
 .github/workflows/bananapi-m1-plus.yml | 7 +++++++
 .github/workflows/beaglebone-ai64.yml | 7 +++++++
 .github/workflows/beaglebone-pocket.yml | 7 +++++++
 .github/workflows/beaglebone.yml | 7 +++++++
 .github/workflows/generic-aarch64.yml | 7 +++++++
 .github/workflows/generic-amd64.yml | 7 +++++++
 .github/workflows/genericx86-64-ext.yml | 7 +++++++
 .github/workflows/genericx86-64.yml | 7 +++++++
 .github/workflows/imx6ul-var-dart.yml | 7 +++++++
 .github/workflows/imx7-var-som.yml | 7 +++++++
 .github/workflows/iot-gate-imx8.yml | 7 +++++++
 .github/workflows/iot-gate-imx8plus.yml | 7 +++++++
 .github/workflows/jetson-agx-orin-devkit.yml | 7 +++++++
 .github/workflows/jetson-nano.yml | 7 +++++++
 .github/workflows/jetson-tx2.yml | 7 +++++++
 .github/workflows/jetson-xavier.yml | 7 +++++++
 .github/workflows/nanopi-neo-air.yml | 7 +++++++
 .github/workflows/nanopi-r2c.yml | 7 +++++++
 .github/workflows/orangepi-plus2.yml | 7 +++++++
 .github/workflows/owa5x.yml | 7 +++++++
 .github/workflows/raspberrypi.yml | 7 +++++++
 .github/workflows/raspberrypi2.yml | 7 +++++++
 .github/workflows/raspberrypi3-64.yml | 7 +++++++
 .github/workflows/raspberrypi3.yml | 7 +++++++
 .github/workflows/raspberrypi4-64.yml | 7 +++++++
 .github/workflows/revpi-connect-4.yml | 7 +++++++
 .github/workflows/revpi-connect-s.yml | 7 +++++++
 .github/workflows/revpi-connect.yml | 7 +++++++
 .github/workflows/revpi-core-3.yml | 7 +++++++
 .github/workflows/rockpi-4b-rk3399.yml | 7 +++++++
 .github/workflows/surface-go.yml | 7 +++++++
 .github/workflows/surface-pro-6.yml | 7 +++++++
 .github/workflows/var-som-mx6..yml | 7 +++++++
 33 files changed, 231 insertions(+)
diff --git a/.github/workflows/bananapi-m1-plus.yml b/.github/workflows/bananapi-m1-plus.yml
index ef609060da..403bfc33db 100644
--- a/.github/workflows/bananapi-m1-plus.yml
+++ b/.github/workflows/bananapi-m1-plus.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/beaglebone-ai64.yml b/.github/workflows/beaglebone-ai64.yml
index 70d2d90483..f348b15f77 100644
--- a/.github/workflows/beaglebone-ai64.yml
+++ b/.github/workflows/beaglebone-ai64.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/beaglebone-pocket.yml b/.github/workflows/beaglebone-pocket.yml
index 9da17b60b9..c46a31b67d 100644
--- a/.github/workflows/beaglebone-pocket.yml
+++ b/.github/workflows/beaglebone-pocket.yml
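Review bot: The two write scopes in the `permissions:` block added to bananapi-m1-plus.yml, `id-token: write` and `pull-requests: write`, are set at workflow level, so they hold for every event under `on:`, of which only the tail is visible in this hunk. A comment in patch 2/2 suggests `pull_request_target` is among those events; if so, runs for fork pull requests can also request the OIDC token, and safety then rests on the approval gate inside the called workflow. Since the `yocto` job calls a reusable workflow (its `uses:` line is visible in patch 2/2), this block is also the upper bound on that workflow's token, which deserves a header comment such as `# Upper bound for the reusable yocto-build-deploy workflow; keep scopes minimal`. `packages: read` and `contents: read` carry no rationale while the other three scopes do, so add one for each. The identical block is added to the other 32 workflow files in this patch and the same applies there.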
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/beaglebone.yml b/.github/workflows/beaglebone.yml
index 78e747426a..09f408c4c6 100644
--- a/.github/workflows/beaglebone.yml
+++ b/.github/workflows/beaglebone.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/generic-aarch64.yml b/.github/workflows/generic-aarch64.yml
index a9fe5728d4..06f88d9cda 100644
--- a/.github/workflows/generic-aarch64.yml
+++ b/.github/workflows/generic-aarch64.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/generic-amd64.yml b/.github/workflows/generic-amd64.yml
index cbca4b5cf9..ab06346ba7 100644
--- a/.github/workflows/generic-amd64.yml
+++ b/.github/workflows/generic-amd64.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/genericx86-64-ext.yml b/.github/workflows/genericx86-64-ext.yml
index 9444662281..e31f483f64 100644
--- a/.github/workflows/genericx86-64-ext.yml
+++ b/.github/workflows/genericx86-64-ext.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/genericx86-64.yml b/.github/workflows/genericx86-64.yml
index 32ef72d465..16b95874eb 100644
--- a/.github/workflows/genericx86-64.yml
+++ b/.github/workflows/genericx86-64.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/imx6ul-var-dart.yml b/.github/workflows/imx6ul-var-dart.yml
index 684b0c89ba..4da592752e 100644
--- a/.github/workflows/imx6ul-var-dart.yml
+++ b/.github/workflows/imx6ul-var-dart.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/imx7-var-som.yml b/.github/workflows/imx7-var-som.yml
index 7b35eda16a..c19790a692 100644
--- a/.github/workflows/imx7-var-som.yml
+++ b/.github/workflows/imx7-var-som.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/iot-gate-imx8.yml b/.github/workflows/iot-gate-imx8.yml
index 669829594b..03a1bdf186 100644
--- a/.github/workflows/iot-gate-imx8.yml
+++ b/.github/workflows/iot-gate-imx8.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/iot-gate-imx8plus.yml b/.github/workflows/iot-gate-imx8plus.yml
index 506d4f2c41..93438c8e59 100644
--- a/.github/workflows/iot-gate-imx8plus.yml
+++ b/.github/workflows/iot-gate-imx8plus.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/jetson-agx-orin-devkit.yml b/.github/workflows/jetson-agx-orin-devkit.yml
index e474974e56..72066a2745 100644
--- a/.github/workflows/jetson-agx-orin-devkit.yml
+++ b/.github/workflows/jetson-agx-orin-devkit.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/jetson-nano.yml b/.github/workflows/jetson-nano.yml
index 926d9d4380..113778278a 100644
--- a/.github/workflows/jetson-nano.yml
+++ b/.github/workflows/jetson-nano.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/jetson-tx2.yml b/.github/workflows/jetson-tx2.yml
index e9b40fd674..108f3c2c9d 100644
--- a/.github/workflows/jetson-tx2.yml
+++ b/.github/workflows/jetson-tx2.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/jetson-xavier.yml b/.github/workflows/jetson-xavier.yml
index 8066a1a0dd..1615c76b9c 100644
--- a/.github/workflows/jetson-xavier.yml
+++ b/.github/workflows/jetson-xavier.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/nanopi-neo-air.yml b/.github/workflows/nanopi-neo-air.yml
index 8ae90c2ee4..6cf6ed25bc 100644
--- a/.github/workflows/nanopi-neo-air.yml
+++ b/.github/workflows/nanopi-neo-air.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/nanopi-r2c.yml b/.github/workflows/nanopi-r2c.yml
index f6894c82d3..68b765a812 100644
--- a/.github/workflows/nanopi-r2c.yml
+++ b/.github/workflows/nanopi-r2c.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/orangepi-plus2.yml b/.github/workflows/orangepi-plus2.yml
index 58b43498fa..ca30310fae 100644
--- a/.github/workflows/orangepi-plus2.yml
+++ b/.github/workflows/orangepi-plus2.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/owa5x.yml b/.github/workflows/owa5x.yml
index 96288065d9..46d513e0d9 100644
--- a/.github/workflows/owa5x.yml
+++ b/.github/workflows/owa5x.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/raspberrypi.yml b/.github/workflows/raspberrypi.yml
index 1d155e6937..a7ab02bb01 100644
--- a/.github/workflows/raspberrypi.yml
+++ b/.github/workflows/raspberrypi.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/raspberrypi2.yml b/.github/workflows/raspberrypi2.yml
index 4fdb65d913..29978fd073 100644
--- a/.github/workflows/raspberrypi2.yml
+++ b/.github/workflows/raspberrypi2.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/raspberrypi3-64.yml b/.github/workflows/raspberrypi3-64.yml
index 0deb292e42..5e96fa2a23 100644
--- a/.github/workflows/raspberrypi3-64.yml
+++ b/.github/workflows/raspberrypi3-64.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/raspberrypi3.yml b/.github/workflows/raspberrypi3.yml
index 618c14d93a..033a9b82a4 100644
--- a/.github/workflows/raspberrypi3.yml
+++ b/.github/workflows/raspberrypi3.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/raspberrypi4-64.yml b/.github/workflows/raspberrypi4-64.yml
index 9a430c7ab1..f972b13be3 100644
--- a/.github/workflows/raspberrypi4-64.yml
+++ b/.github/workflows/raspberrypi4-64.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/revpi-connect-4.yml b/.github/workflows/revpi-connect-4.yml
index 08ec080434..28b183b1b6 100644
--- a/.github/workflows/revpi-connect-4.yml
+++ b/.github/workflows/revpi-connect-4.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/revpi-connect-s.yml b/.github/workflows/revpi-connect-s.yml
index c26750613d..2329399c34 100644
--- a/.github/workflows/revpi-connect-s.yml
+++ b/.github/workflows/revpi-connect-s.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/revpi-connect.yml b/.github/workflows/revpi-connect.yml
index 4f3e055e9b..8f71e6d5ac 100644
--- a/.github/workflows/revpi-connect.yml
+++ b/.github/workflows/revpi-connect.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/revpi-core-3.yml b/.github/workflows/revpi-core-3.yml
index ad52ff79dc..a3c15810e0 100644
--- a/.github/workflows/revpi-core-3.yml
+++ b/.github/workflows/revpi-core-3.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/rockpi-4b-rk3399.yml b/.github/workflows/rockpi-4b-rk3399.yml
index 223fe02887..5ef33d02cc 100644
--- a/.github/workflows/rockpi-4b-rk3399.yml
+++ b/.github/workflows/rockpi-4b-rk3399.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/surface-go.yml b/.github/workflows/surface-go.yml
index 52e296fb6c..9f6654e78e 100644
--- a/.github/workflows/surface-go.yml
+++ b/.github/workflows/surface-go.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/surface-pro-6.yml b/.github/workflows/surface-pro-6.yml
index 8133e1d8de..3fd0513f49 100644
--- a/.github/workflows/surface-pro-6.yml
+++ b/.github/workflows/surface-pro-6.yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
diff --git a/.github/workflows/var-som-mx6..yml b/.github/workflows/var-som-mx6..yml
index 4a46badf04..8bb685cb0e 100644
--- a/.github/workflows/var-som-mx6..yml
+++ b/.github/workflows/var-som-mx6..yml
@@ -14,6 +14,13 @@ on:
 # ESR branches glob pattern
 - "[0-9]+.[0-9]+.x"
+permissions:
+ id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+ actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+ pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+ packages: read
+ contents: read
+
 jobs:
 yocto:
 name: Yocto
From f89f90d16987879fe1ae9ae018f5568372091113 Mon Sep 17 00:00:00 2001
From: Ryan Cooke
Date: Tue, 3 Dec 2024 11:08:18 +0000
Subject: [PATCH 2/2] Pin yocto-scripts workflow to master
---
 .github/workflows/bananapi-m1-plus.yml | 2 +-
 .github/workflows/beaglebone-ai64.yml | 2 +-
 .github/workflows/beaglebone-pocket.yml | 2 +-
 .github/workflows/beaglebone.yml | 2 +-
 .github/workflows/generic-aarch64.yml | 2 +-
 .github/workflows/generic-amd64.yml | 2 +-
 .github/workflows/genericx86-64-ext.yml | 2 +-
 .github/workflows/genericx86-64.yml | 2 +-
 .github/workflows/imx6ul-var-dart.yml | 2 +-
 .github/workflows/imx7-var-som.yml | 2 +-
 .github/workflows/iot-gate-imx8.yml | 2 +-
 .github/workflows/iot-gate-imx8plus.yml | 2 +-
 .github/workflows/jetson-agx-orin-devkit.yml | 2 +-
 .github/workflows/jetson-nano.yml | 2 +-
 .github/workflows/jetson-tx2.yml | 2 +-
 .github/workflows/jetson-xavier.yml | 2 +-
 .github/workflows/nanopi-neo-air.yml | 2 +-
 .github/workflows/nanopi-r2c.yml | 2 +-
 .github/workflows/orangepi-plus2.yml | 2 +-
 .github/workflows/owa5x.yml | 2 +-
 .github/workflows/raspberrypi.yml | 2 +-
 .github/workflows/raspberrypi2.yml | 2 +-
 .github/workflows/raspberrypi3-64.yml | 2 +-
 .github/workflows/raspberrypi3.yml | 2 +-
 .github/workflows/raspberrypi4-64.yml | 2 +-
 .github/workflows/revpi-connect-4.yml | 2 +-
 .github/workflows/revpi-connect-s.yml | 2 +-
 .github/workflows/revpi-connect.yml | 2 +-
 .github/workflows/revpi-core-3.yml | 2 +-
 .github/workflows/rockpi-4b-rk3399.yml | 2 +-
 .github/workflows/surface-go.yml | 2 +-
 .github/workflows/surface-pro-6.yml | 2 +-
 .github/workflows/var-som-mx6..yml | 2 +-
 33 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/.github/workflows/bananapi-m1-plus.yml b/.github/workflows/bananapi-m1-plus.yml
index 403bfc33db..b6e8e26a5b 100644
--- a/.github/workflows/bananapi-m1-plus.yml
+++ b/.github/workflows/bananapi-m1-plus.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/beaglebone-ai64.yml b/.github/workflows/beaglebone-ai64.yml
index f348b15f77..76565831e1 100644
--- a/.github/workflows/beaglebone-ai64.yml
+++ b/.github/workflows/beaglebone-ai64.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/beaglebone-pocket.yml b/.github/workflows/beaglebone-pocket.yml
index c46a31b67d..50fcd3327d 100644
--- a/.github/workflows/beaglebone-pocket.yml
+++ b/.github/workflows/beaglebone-pocket.yml
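Review bot: The new `uses:` line replaces a full commit SHA with the branch ref `@master`, which unpins the reusable workflow rather than pinning it as the subject says: whatever lands on that branch then runs in this repository with the `id-token: write` and `pull-requests: write` scopes granted in the previous patch. Keeping an immutable ref, as in `uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@<full-commit-sha> # <version tag>`, and letting a dependency bot raise the bumps keeps each change to the build and deploy logic reviewable and the builds reproducible. The FIXME in the `generic-amd64.yml` hunk notes that the scripts are pinned separately as a submodule, so following `master` would also widen the drift between the workflow and those scripts. The same one-line change is repeated in every other hunk of this patch.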
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/beaglebone.yml b/.github/workflows/beaglebone.yml
index 09f408c4c6..cf63899b78 100644
--- a/.github/workflows/beaglebone.yml
+++ b/.github/workflows/beaglebone.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/generic-aarch64.yml b/.github/workflows/generic-aarch64.yml
index 06f88d9cda..e669a6cd5d 100644
--- a/.github/workflows/generic-aarch64.yml
+++ b/.github/workflows/generic-aarch64.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/generic-amd64.yml b/.github/workflows/generic-amd64.yml
index ab06346ba7..a0d364041f 100644
--- a/.github/workflows/generic-amd64.yml
+++ b/.github/workflows/generic-amd64.yml
@@ -26,7 +26,7 @@ jobs:
 name: Yocto
 # FIXME: This workflow has dependencies on scripts in the balena-yocto-scripts repository
 # which is pinned separately as a submodule in the device repo. Expect some drift but try to retain compatibility.
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/genericx86-64-ext.yml b/.github/workflows/genericx86-64-ext.yml
index e31f483f64..e675352691 100644
--- a/.github/workflows/genericx86-64-ext.yml
+++ b/.github/workflows/genericx86-64-ext.yml
@@ -26,7 +26,7 @@ jobs:
 name: Yocto
 # FIXME: This workflow has dependencies on scripts in the balena-yocto-scripts repository
 # which is pinned separately as a submodule in the device repo. Expect some drift but try to retain compatibility.
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/genericx86-64.yml b/.github/workflows/genericx86-64.yml
index 16b95874eb..e55a51c955 100644
--- a/.github/workflows/genericx86-64.yml
+++ b/.github/workflows/genericx86-64.yml
@@ -26,7 +26,7 @@ jobs:
 name: Yocto
 # FIXME: This workflow has dependencies on scripts in the balena-yocto-scripts repository
 # which is pinned separately as a submodule in the device repo. Expect some drift but try to retain compatibility.
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/imx6ul-var-dart.yml b/.github/workflows/imx6ul-var-dart.yml
index 4da592752e..9fc4d32f2e 100644
--- a/.github/workflows/imx6ul-var-dart.yml
+++ b/.github/workflows/imx6ul-var-dart.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/imx7-var-som.yml b/.github/workflows/imx7-var-som.yml
index c19790a692..81f64d0054 100644
--- a/.github/workflows/imx7-var-som.yml
+++ b/.github/workflows/imx7-var-som.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/iot-gate-imx8.yml b/.github/workflows/iot-gate-imx8.yml
index 03a1bdf186..8729c20aa9 100644
--- a/.github/workflows/iot-gate-imx8.yml
+++ b/.github/workflows/iot-gate-imx8.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/iot-gate-imx8plus.yml b/.github/workflows/iot-gate-imx8plus.yml
index 93438c8e59..3b3ebc93fb 100644
--- a/.github/workflows/iot-gate-imx8plus.yml
+++ b/.github/workflows/iot-gate-imx8plus.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/jetson-agx-orin-devkit.yml b/.github/workflows/jetson-agx-orin-devkit.yml
index 72066a2745..ba764f7c5b 100644
--- a/.github/workflows/jetson-agx-orin-devkit.yml
+++ b/.github/workflows/jetson-agx-orin-devkit.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/jetson-nano.yml b/.github/workflows/jetson-nano.yml
index 113778278a..bbd2c266ab 100644
--- a/.github/workflows/jetson-nano.yml
+++ b/.github/workflows/jetson-nano.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/jetson-tx2.yml b/.github/workflows/jetson-tx2.yml
index 108f3c2c9d..d8dc94ba72 100644
--- a/.github/workflows/jetson-tx2.yml
+++ b/.github/workflows/jetson-tx2.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/jetson-xavier.yml b/.github/workflows/jetson-xavier.yml
index 1615c76b9c..60f0108636 100644
--- a/.github/workflows/jetson-xavier.yml
+++ b/.github/workflows/jetson-xavier.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/nanopi-neo-air.yml b/.github/workflows/nanopi-neo-air.yml
index 6cf6ed25bc..485741692f 100644
--- a/.github/workflows/nanopi-neo-air.yml
+++ b/.github/workflows/nanopi-neo-air.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/nanopi-r2c.yml b/.github/workflows/nanopi-r2c.yml
index 68b765a812..868c21740d 100644
--- a/.github/workflows/nanopi-r2c.yml
+++ b/.github/workflows/nanopi-r2c.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/orangepi-plus2.yml b/.github/workflows/orangepi-plus2.yml
index ca30310fae..5f82d89d4b 100644
--- a/.github/workflows/orangepi-plus2.yml
+++ b/.github/workflows/orangepi-plus2.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/owa5x.yml b/.github/workflows/owa5x.yml
index 46d513e0d9..dc8a7c7650 100644
--- a/.github/workflows/owa5x.yml
+++ b/.github/workflows/owa5x.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/raspberrypi.yml b/.github/workflows/raspberrypi.yml
index a7ab02bb01..4febead7f6 100644
--- a/.github/workflows/raspberrypi.yml
+++ b/.github/workflows/raspberrypi.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/raspberrypi2.yml b/.github/workflows/raspberrypi2.yml
index 29978fd073..1c187fa608 100644
--- a/.github/workflows/raspberrypi2.yml
+++ b/.github/workflows/raspberrypi2.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/raspberrypi3-64.yml b/.github/workflows/raspberrypi3-64.yml
index 5e96fa2a23..b2b8edc12f 100644
--- a/.github/workflows/raspberrypi3-64.yml
+++ b/.github/workflows/raspberrypi3-64.yml
@@ -26,7 +26,7 @@ jobs:
 name: Yocto
 # FIXME: This workflow has dependencies on scripts in the balena-yocto-scripts repository
 # which is pinned separately as a submodule in the device repo. Expect some drift but try to retain compatibility.
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/raspberrypi3.yml b/.github/workflows/raspberrypi3.yml
index 033a9b82a4..22537f5c8b 100644
--- a/.github/workflows/raspberrypi3.yml
+++ b/.github/workflows/raspberrypi3.yml
@@ -26,7 +26,7 @@ jobs:
 name: Yocto
 # FIXME: This workflow has dependencies on scripts in the balena-yocto-scripts repository
 # which is pinned separately as a submodule in the device repo. Expect some drift but try to retain compatibility.
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/raspberrypi4-64.yml b/.github/workflows/raspberrypi4-64.yml
index f972b13be3..8265402149 100644
--- a/.github/workflows/raspberrypi4-64.yml
+++ b/.github/workflows/raspberrypi4-64.yml
@@ -26,7 +26,7 @@ jobs:
 name: Yocto
 # FIXME: This workflow has dependencies on scripts in the balena-yocto-scripts repository
 # which is pinned separately as a submodule in the device repo. Expect some drift but try to retain compatibility.
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/revpi-connect-4.yml b/.github/workflows/revpi-connect-4.yml
index 28b183b1b6..dd897bbaff 100644
--- a/.github/workflows/revpi-connect-4.yml
+++ b/.github/workflows/revpi-connect-4.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/revpi-connect-s.yml b/.github/workflows/revpi-connect-s.yml
index 2329399c34..c0dcd2ab88 100644
--- a/.github/workflows/revpi-connect-s.yml
+++ b/.github/workflows/revpi-connect-s.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/revpi-connect.yml b/.github/workflows/revpi-connect.yml
index 8f71e6d5ac..b25d6a84b2 100644
--- a/.github/workflows/revpi-connect.yml
+++ b/.github/workflows/revpi-connect.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/revpi-core-3.yml b/.github/workflows/revpi-core-3.yml
index a3c15810e0..adb7bcd615 100644
--- a/.github/workflows/revpi-core-3.yml
+++ b/.github/workflows/revpi-core-3.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/rockpi-4b-rk3399.yml b/.github/workflows/rockpi-4b-rk3399.yml
index 5ef33d02cc..8b0672d14d 100644
--- a/.github/workflows/rockpi-4b-rk3399.yml
+++ b/.github/workflows/rockpi-4b-rk3399.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/surface-go.yml b/.github/workflows/surface-go.yml
index 9f6654e78e..5155cc72d5 100644
--- a/.github/workflows/surface-go.yml
+++ b/.github/workflows/surface-go.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/surface-pro-6.yml b/.github/workflows/surface-pro-6.yml
index 3fd0513f49..cb3df7d33e 100644
--- a/.github/workflows/surface-pro-6.yml
+++ b/.github/workflows/surface-pro-6.yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while
diff --git a/.github/workflows/var-som-mx6..yml b/.github/workflows/var-som-mx6..yml
index 8bb685cb0e..66f60ca9c2 100644
--- a/.github/workflows/var-som-mx6..yml
+++ b/.github/workflows/var-som-mx6..yml
@@ -24,7 +24,7 @@ permissions:
 jobs:
 yocto:
 name: Yocto
- uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@2543e49b79e8161d5d2d9f4625ac70101594cd76 # v1.27.10
+ uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master
 # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
 # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
 # This condition will prevent the workflow from running twice for the same pull request while