From 9448b6896434f5743967ba41158db4875af917ac Mon Sep 17 00:00:00 2001 From: James Henry Date: Wed, 27 Sep 2023 20:54:35 -0400 Subject: [PATCH] fix(core): generate permissions on github ci workflow (#19357) --- .../__snapshots__/ci-workflow.spec.ts.snap | 54 ++++++++++++++----- .../__workflowFileName__.yml__tmpl__ | 9 +++- 2 files changed, 49 insertions(+), 14 deletions(-) diff --git a/packages/workspace/src/generators/ci-workflow/__snapshots__/ci-workflow.spec.ts.snap b/packages/workspace/src/generators/ci-workflow/__snapshots__/ci-workflow.spec.ts.snap index d4ebc7c777702..4a592754aa2e7 100644 --- a/packages/workspace/src/generators/ci-workflow/__snapshots__/ci-workflow.spec.ts.snap +++ b/packages/workspace/src/generators/ci-workflow/__snapshots__/ci-workflow.spec.ts.snap @@ -186,10 +186,15 @@ on: - main pull_request: +# Needed for nx-set-shas within nx-cloud-main.yml, when run on the main branch +permissions: + actions: read + contents: read + jobs: main: name: Nx Cloud - Main Job - uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.1 with: main-branch-name: main number-of-agents: 3 @@ -204,7 +209,7 @@ jobs: agents: name: Nx Cloud - Agents - uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.1 with: number-of-agents: 3 " @@ -219,10 +224,15 @@ on: - main pull_request: +# Needed for nx-set-shas within nx-cloud-main.yml, when run on the main branch +permissions: + actions: read + contents: read + jobs: main: name: Nx Cloud - Main Job - uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.1 with: main-branch-name: main number-of-agents: 3 @@ -237,7 +247,7 @@ jobs: agents: name: Nx Cloud - Agents - uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.1 with: number-of-agents: 3 " @@ -480,10 +490,15 @@ on: - main pull_request: +# Needed for nx-set-shas within nx-cloud-main.yml, when run on the main branch +permissions: + actions: read + contents: read + jobs: main: name: Nx Cloud - Main Job - uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.1 with: main-branch-name: main number-of-agents: 3 @@ -498,7 +513,7 @@ jobs: agents: name: Nx Cloud - Agents - uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.1 with: number-of-agents: 3 " @@ -513,10 +528,15 @@ on: - main pull_request: +# Needed for nx-set-shas within nx-cloud-main.yml, when run on the main branch +permissions: + actions: read + contents: read + jobs: main: name: Nx Cloud - Main Job - uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.1 with: main-branch-name: main number-of-agents: 3 @@ -531,7 +551,7 @@ jobs: agents: name: Nx Cloud - Agents - uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.1 with: number-of-agents: 3 " @@ -774,10 +794,15 @@ on: - main pull_request: +# Needed for nx-set-shas within nx-cloud-main.yml, when run on the main branch +permissions: + actions: read + contents: read + jobs: main: name: Nx Cloud - Main Job - uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.1 with: main-branch-name: main number-of-agents: 3 @@ -792,7 +817,7 @@ jobs: agents: name: Nx Cloud - Agents - uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.1 with: number-of-agents: 3 " @@ -807,10 +832,15 @@ on: - main pull_request: +# Needed for nx-set-shas within nx-cloud-main.yml, when run on the main branch +permissions: + actions: read + contents: read + jobs: main: name: Nx Cloud - Main Job - uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.1 with: main-branch-name: main number-of-agents: 3 @@ -825,7 +855,7 @@ jobs: agents: name: Nx Cloud - Agents - uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.1 with: number-of-agents: 3 " diff --git a/packages/workspace/src/generators/ci-workflow/files/github/.github/workflows/__workflowFileName__.yml__tmpl__ b/packages/workspace/src/generators/ci-workflow/files/github/.github/workflows/__workflowFileName__.yml__tmpl__ index 2c64cb1a8d8c6..cce752af6656b 100644 --- a/packages/workspace/src/generators/ci-workflow/files/github/.github/workflows/__workflowFileName__.yml__tmpl__ +++ b/packages/workspace/src/generators/ci-workflow/files/github/.github/workflows/__workflowFileName__.yml__tmpl__ @@ -6,10 +6,15 @@ on: - <%= mainBranch %> pull_request: +# Needed for nx-set-shas within nx-cloud-main.yml, when run on the <%= mainBranch %> branch +permissions: + actions: read + contents: read + jobs: main: name: Nx Cloud - Main Job - uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-main.yml@v0.13.1 with: main-branch-name: <%= mainBranch %> number-of-agents: 3 @@ -24,6 +29,6 @@ jobs: agents: name: Nx Cloud - Agents - uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.0 + uses: nrwl/ci/.github/workflows/nx-cloud-agents.yml@v0.13.1 with: number-of-agents: 3