mirror of
https://github.com/danbulant/lucide
synced 2026-06-23 08:41:55 +00:00
ci: add workflow permissions (#147)
This commit is contained in:
Daniëlle Huisman
GitHub
parent
4dee3599ba
commit
7233a99020
5 changed files with 34 additions and 38 deletions
16
.github/workflows/ci.yml
vendored
16
.github/workflows/ci.yml
vendored
|
|
@ -6,6 +6,9 @@ on:
|
|||
branches:
|
||||
- main
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
RUSTFLAGS: '-Dwarnings'
|
||||
|
||||
|
|
@ -19,19 +22,16 @@ jobs:
|
|||
uses: actions/checkout@v5
|
||||
|
||||
- name: Set up Rust toolchain
|
||||
run: rustup toolchain install nightly --no-self-update --profile default --target wasm32-unknown-unknown
|
||||
|
||||
- name: Set up Rust cache
|
||||
uses: swatinem/rust-cache@v2
|
||||
uses: actions-rust-lang/setup-rust-toolchain@v1
|
||||
with:
|
||||
cache-on-failure: true
|
||||
save-if: ${{ github.ref == 'refs/heads/main' }}
|
||||
components: clippy, rustfmt
|
||||
target: wasm32-unknown-unknown
|
||||
|
||||
- name: Check formatting
|
||||
run: cargo fmt --all --check
|
||||
|
||||
- name: Lint
|
||||
run: cargo clippy --all-features
|
||||
run: cargo clippy --all-features --locked
|
||||
|
||||
- name: Test
|
||||
run: cargo test --all-features
|
||||
run: cargo test --all-features --locked --release
|
||||
|
|
|
|||
4
.github/workflows/labels.yml
vendored
4
.github/workflows/labels.yml
vendored
|
|
@ -3,6 +3,10 @@ name: Labels
|
|||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
issues: write
|
||||
|
||||
jobs:
|
||||
sync-labels:
|
||||
name: Sync Labels
|
||||
|
|
|
|||
12
.github/workflows/release.yml
vendored
12
.github/workflows/release.yml
vendored
|
|
@ -12,6 +12,9 @@ on:
|
|||
- minor
|
||||
- major
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
release:
|
||||
name: Release
|
||||
|
|
@ -29,13 +32,10 @@ jobs:
|
|||
uses: actions/checkout@v5
|
||||
|
||||
- name: Set up Rust toolchain
|
||||
run: rustup toolchain install nightly --no-self-update --profile default --target wasm32-unknown-unknown
|
||||
|
||||
- name: Set up Rust cache
|
||||
uses: swatinem/rust-cache@v2
|
||||
uses: actions-rust-lang/setup-rust-toolchain@v1
|
||||
with:
|
||||
cache-on-failure: true
|
||||
save-if: ${{ github.ref == 'refs/heads/main' }}
|
||||
components: clippy, rustfmt
|
||||
target: wasm32-unknown-unknown
|
||||
|
||||
- name: Install Cargo Binary Install
|
||||
uses: cargo-bins/cargo-binstall@main
|
||||
|
|
|
|||
11
.github/workflows/upstream.yml
vendored
11
.github/workflows/upstream.yml
vendored
|
|
@ -26,15 +26,10 @@ jobs:
|
|||
uses: actions/checkout@v5
|
||||
|
||||
- name: Set up Rust toolchain
|
||||
run: |
|
||||
rustup toolchain install nightly --no-self-update --profile default
|
||||
rustup target add wasm32-unknown-unknown
|
||||
|
||||
- name: Set up Rust cache
|
||||
uses: swatinem/rust-cache@v2
|
||||
uses: actions-rust-lang/setup-rust-toolchain@v1
|
||||
with:
|
||||
cache-on-failure: true
|
||||
save-if: ${{ github.ref == 'refs/heads/main' }}
|
||||
components: clippy, rustfmt
|
||||
target: wasm32-unknown-unknown
|
||||
|
||||
- name: Install Cargo Binary Install
|
||||
uses: cargo-bins/cargo-binstall@main
|
||||
|
|
|
|||
29
.github/workflows/website.yml
vendored
29
.github/workflows/website.yml
vendored
|
|
@ -5,6 +5,9 @@ on:
|
|||
branches:
|
||||
- main
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: false
|
||||
|
|
@ -13,19 +16,15 @@ jobs:
|
|||
book-test:
|
||||
name: Test Book
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
|
||||
- name: Set up Rust toolchain
|
||||
run: |
|
||||
rustup toolchain install stable --no-self-update --profile minimal
|
||||
rustup target add wasm32-unknown-unknown
|
||||
|
||||
- name: Set up Rust cache
|
||||
uses: swatinem/rust-cache@v2
|
||||
uses: actions-rust-lang/setup-rust-toolchain@v1
|
||||
with:
|
||||
cache-on-failure: true
|
||||
save-if: ${{ github.ref == 'refs/heads/main' }}
|
||||
components: clippy, rustfmt
|
||||
target: wasm32-unknown-unknown
|
||||
|
||||
- name: Install Cargo Binary Install
|
||||
uses: cargo-bins/cargo-binstall@main
|
||||
|
|
@ -41,21 +40,17 @@ jobs:
|
|||
name: Build Book
|
||||
needs: book-test
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Rust toolchain
|
||||
run: |
|
||||
rustup toolchain install stable --no-self-update --profile minimal
|
||||
rustup target add wasm32-unknown-unknown
|
||||
|
||||
- name: Set up Rust cache
|
||||
uses: swatinem/rust-cache@v2
|
||||
uses: actions-rust-lang/setup-rust-toolchain@v1
|
||||
with:
|
||||
cache-on-failure: true
|
||||
save-if: ${{ github.ref == 'refs/heads/main' }}
|
||||
components: clippy, rustfmt
|
||||
target: wasm32-unknown-unknown
|
||||
|
||||
- name: Install Cargo Binary Install
|
||||
uses: cargo-bins/cargo-binstall@main
|
||||
|
|
@ -87,10 +82,12 @@ jobs:
|
|||
needs: book-build
|
||||
if: github.ref == 'refs/heads/main'
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pages: write
|
||||
id-token: write
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
|
|
|
|||
Loading…
Reference in a new issue