From a938edc2d4ca4ccfcbc85723e20a47e361055e96 Mon Sep 17 00:00:00 2001
From: Sally MacFarlane
Date: Thu, 8 Jan 2026 10:29:48 +1000
Subject: [PATCH 1/2] add read permissions

Signed-off-by: Sally MacFarlane
---
 .github/workflows/build.yml | 3 +++
 .github/workflows/checks.yml | 3 +++
 .github/workflows/license-checks.yml | 3 +++
 .github/workflows/mark-issues-as-stale.yml | 5 ++++-
 .github/workflows/test-windows.yml | 3 +++
 5 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ccf22402e..9aa378d6b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,6 +23,9 @@ on:
 pull_request:
 branches: [ main ]
 
+permissions:
+ contents: read
+
 jobs:
 assemble:
 timeout-minutes: 30
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 64ab61ea1..61128d7c7 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -23,6 +23,9 @@ on:
 pull_request:
 branches: [ main ]
 
+permissions:
+ contents: read
+
 jobs:
 checks:
 timeout-minutes: 30
diff --git a/.github/workflows/license-checks.yml b/.github/workflows/license-checks.yml
index af415821d..63806ae8b 100644
--- a/.github/workflows/license-checks.yml
+++ b/.github/workflows/license-checks.yml
@@ -21,6 +21,9 @@ on:
 paths:
 - 'dependency-versions.gradle'
 
+permissions:
+ contents: read
+
 jobs:
 license-checks:
 timeout-minutes: 30
diff --git a/.github/workflows/mark-issues-as-stale.yml b/.github/workflows/mark-issues-as-stale.yml
index d569a2fbc..e659097c5 100644
--- a/.github/workflows/mark-issues-as-stale.yml
+++ b/.github/workflows/mark-issues-as-stale.yml
@@ -21,6 +21,9 @@ on:
 - cron: "27 3 * * 1-5" # Run at an arbitrary time on weekdays.
 workflow_dispatch:
 
+permissions:
+ contents: read
+
 jobs:
 mark-issues-as-stale:
 runs-on: ubuntu-latest
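Review bot: The new top-level `permissions:` block in `.github/workflows/build.yml` has no comment saying why it is there, and the same uncommented block is added to `checks.yml`, `license-checks.yml` and `test-windows.yml`. Declaring any scope at workflow level sets every unlisted `GITHUB_TOKEN` scope to `none` for all jobs in the file, so a step that later needs to write (check runs, PR comments) will fail with a permission error unless its own job declares that scope. I would put a line such as `# Least privilege: GITHUB_TOKEN is read-only for every job; grant extra scopes per job, not here.` above the block. The job bodies continue outside these hunks, so it is worth confirming that no existing step already depends on a write scope.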
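Review bot: In `.github/workflows/mark-issues-as-stale.yml` the added `contents: read` leaves the `GITHUB_TOKEN` handed to `mark-issues-as-stale.sh` without any issues scope, so at this commit the scheduled job presumably can no longer label or comment on issues. Patch 2/2 deletes the workflow, but anyone bisecting or cherry-picking 1/2 alone gets a job that fails; either leave this file out of 1/2 or give the job its own block, `permissions:` with `issues: write`, assuming that is the scope the script uses. The 2/2 diffstat lists only the workflow file, so `.github/workflows/scripts/mark-issues-as-stale.sh` appears to stay in the tree with no caller.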
@@ -35,4 +38,4 @@ jobs:
 DAYS_BEFORE_STALE: 60
 DAYS_BEFORE_CLOSE: 60 # Only used for the stale message.
 STALE_LABEL: 'Stale'
- EXEMPT_LABEL: 'never stale'
\ No newline at end of file
+ EXEMPT_LABEL: 'never stale'
diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml
index 0e2bbf9f2..11f8edb4c 100644
--- a/.github/workflows/test-windows.yml
+++ b/.github/workflows/test-windows.yml
@@ -24,6 +24,9 @@ on:
 types: [opened, synchronize, reopened, labeled, unlabeled]
 branches: [ main ]
 
+permissions:
+ contents: read
+
 jobs:
 test-windows:
 timeout-minutes: 30
From 15654fa854297d5ab27418b0cdf3d64d8cbedae8 Mon Sep 17 00:00:00 2001
From: Sally MacFarlane
Date: Thu, 8 Jan 2026 10:37:51 +1000
Subject: [PATCH 2/2] remove stale workflow

Signed-off-by: Sally MacFarlane
---
 .github/workflows/mark-issues-as-stale.yml | 41 ----------------------
 1 file changed, 41 deletions(-)
 delete mode 100644 .github/workflows/mark-issues-as-stale.yml

diff --git a/.github/workflows/mark-issues-as-stale.yml b/.github/workflows/mark-issues-as-stale.yml
deleted file mode 100644
index e659097c5..000000000
--- a/.github/workflows/mark-issues-as-stale.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This is copied from https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/.github/workflows/mark-issues-as-stale.yml
-name: 'Mark issues as stale'
-on:
- schedule:
- - cron: "27 3 * * 1-5" # Run at an arbitrary time on weekdays.
- workflow_dispatch:
-
-permissions:
- contents: read
-
-jobs:
- mark-issues-as-stale:
- runs-on: ubuntu-latest
- if: ${{ github.repository_owner == 'apache' }}
- steps:
- - uses: actions/checkout@v4
-
- - name: Run mark-issues-as-stale.sh
- run: ./.github/workflows/scripts/mark-issues-as-stale.sh
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- DAYS_BEFORE_STALE: 60
- DAYS_BEFORE_CLOSE: 60 # Only used for the stale message.
- STALE_LABEL: 'Stale'
- EXEMPT_LABEL: 'never stale'