finos
diff --git a/‎.github/workflows/auto-comment.yml‎
Lines changed: 14 additions & 10 deletions b/‎.github/workflows/auto-comment.yml‎
Lines changed: 14 additions & 10 deletions
diff --git a/‎.github/workflows/build-calm-hub-coverage.yml‎
Lines changed: 34 additions & 31 deletions b/‎.github/workflows/build-calm-hub-coverage.yml‎
Lines changed: 34 additions & 31 deletions
diff --git a/‎.github/workflows/build-calm-hub-ui.yml‎
Lines changed: 27 additions & 24 deletions b/‎.github/workflows/build-calm-hub-ui.yml‎
Lines changed: 27 additions & 24 deletions
diff --git a/‎.github/workflows/build-calm-hub.yml‎
Lines changed: 42 additions & 39 deletions b/‎.github/workflows/build-calm-hub.yml‎
Lines changed: 42 additions & 39 deletions
diff --git a/‎.github/workflows/build-cli.yml‎
Lines changed: 27 additions & 24 deletions b/‎.github/workflows/build-cli.yml‎
Lines changed: 27 additions & 24 deletions
diff --git a/‎.github/workflows/build-docs.yml‎
Lines changed: 25 additions & 22 deletions b/‎.github/workflows/build-docs.yml‎
Lines changed: 25 additions & 22 deletions
@@ -1,13 +1,17 @@
 name: Auto Comment
+
+permissions:
+    contents: read
+
 on: [pull_request]
 jobs:
-  run:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: wow-actions/auto-comment@v1
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          pullRequestOpened: |
-            THIS SOFTWARE IS CONTRIBUTED SUBJECT TO THE TERMS OF THE FINOS Corporate Contributor License Agreement.
-            
-            THIS SOFTWARE IS LICENSED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT, ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THIS SOFTWARE MAY BE REDISTRIBUTED TO OTHERS ONLY BY EFFECTIVELY USING THIS OR ANOTHER EQUIVALENT DISCLAIMER IN ADDITION TO ANY OTHER REQUIRED LICENSE TERMS.
+    run:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: wow-actions/auto-comment@v1
+              with:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                  pullRequestOpened: |
+                      THIS SOFTWARE IS CONTRIBUTED SUBJECT TO THE TERMS OF THE FINOS Corporate Contributor License Agreement.
+
+                      THIS SOFTWARE IS LICENSED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT, ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THIS SOFTWARE MAY BE REDISTRIBUTED TO OTHERS ONLY BY EFFECTIVELY USING THIS OR ANOTHER EQUIVALENT DISCLAIMER IN ADDITION TO ANY OTHER REQUIRED LICENSE TERMS.
@@ -1,40 +1,43 @@
 name: Build Calm Hub For Unit Test Coverage
 
+permissions:
+    contents: read
+
 on:
-  pull_request:
-    branches:
-      - "main"
-  push:
-    branches:
-      - "main"
+    pull_request:
+        branches:
+            - 'main'
+    push:
+        branches:
+            - 'main'
 
 jobs:
-  build:
-    name: Build Calm Hub
-    runs-on: ubuntu-latest
+    build:
+        name: Build Calm Hub
+        runs-on: ubuntu-latest
 
-    steps:
-      # Step 1: Checkout PR Branch
-      - name: Checkout PR Branch
-        uses: actions/checkout@v4
+        steps:
+            # Step 1: Checkout PR Branch
+            - name: Checkout PR Branch
+              uses: actions/checkout@v4
 
-      # Step 2: Set up JDK
-      - name: Set up JDK
-        uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '21'
+            # Step 2: Set up JDK
+            - name: Set up JDK
+              uses: actions/setup-java@v4
+              with:
+                  distribution: 'temurin'
+                  java-version: '21'
 
-      # Step 3: Cache Maven Dependencies
-      - name: Cache Maven Dependencies
-        uses: actions/cache@v4
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('calm-hub/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-m2-
+            # Step 3: Cache Maven Dependencies
+            - name: Cache Maven Dependencies
+              uses: actions/cache@v4
+              with:
+                  path: ~/.m2
+                  key: ${{ runner.os }}-m2-${{ hashFiles('calm-hub/pom.xml') }}
+                  restore-keys: |
+                      ${{ runner.os }}-m2-
 
-      # Step 4: Build and Test
-      - name: Build and Test
-        working-directory: calm-hub
-        run: mvn clean verify
+            # Step 4: Build and Test
+            - name: Build and Test
+              working-directory: calm-hub
+              run: mvn clean verify
@@ -1,35 +1,38 @@
 name: Build CALM Hub UI
 
+permissions:
+    contents: read
+
 on:
-  pull_request:
-    branches:
-      - "main"
-  push:
-    branches:
-      - "main"
+    pull_request:
+        branches:
+            - 'main'
+    push:
+        branches:
+            - 'main'
 
 jobs:
-  shared:
-    name: Build, Test, and Lint Shared Module
-    runs-on: ubuntu-latest
+    shared:
+        name: Build, Test, and Lint Shared Module
+        runs-on: ubuntu-latest
 
-    steps:
-      - name: Checkout PR Branch
-        uses: actions/checkout@v4
+        steps:
+            - name: Checkout PR Branch
+              uses: actions/checkout@v4
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: v22
+            - name: Setup Node.js
+              uses: actions/setup-node@v4
+              with:
+                  node-version: v22
 
-      - name: Install workspace
-        run: npm ci
+            - name: Install workspace
+              run: npm ci
 
-      - name: Lint Shared Module
-        run: npm run lint --workspace=calm-hub-ui
+            - name: Lint Shared Module
+              run: npm run lint --workspace=calm-hub-ui
 
-      - name: Build workspace
-        run: npm run build --workspace=calm-hub-ui
+            - name: Build workspace
+              run: npm run build --workspace=calm-hub-ui
 
-      - name: Run tests for Shared
-        run: npm run test --workspace=calm-hub-ui
+            - name: Run tests for Shared
+              run: npm run test --workspace=calm-hub-ui
@@ -1,44 +1,47 @@
 name: Build Calm Hub with Integration Tests and Coverage
 
+permissions:
+    contents: read
+
 on:
-  pull_request:
-    branches:
-      - "main"
-  push:
-    branches:
-      - "main"
+    pull_request:
+        branches:
+            - 'main'
+    push:
+        branches:
+            - 'main'
 
 jobs:
-  build:
-    name: Build Calm Hub
-    runs-on: ubuntu-latest
-
-    steps:
-      # Step 1: Checkout PR Branch
-      - name: Checkout PR Branch
-        uses: actions/checkout@v4
-
-      # Step 2: Set up JDK
-      - name: Set up JDK
-        uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-
-      # Step 3: Cache Maven Dependencies
-      - name: Cache Maven Dependencies
-        uses: actions/cache@v4
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('calm-hub/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-m2-
-
-      # Step 4: Set up Docker (Required for Testcontainers)
-      - name: Set up Docker
-        uses: docker/setup-buildx-action@v3
-
-      # Step 5: Build and Test
-      - name: Build and Test
-        working-directory: calm-hub
-        run: mvn -P integration clean verify
+    build:
+        name: Build Calm Hub
+        runs-on: ubuntu-latest
+
+        steps:
+            # Step 1: Checkout PR Branch
+            - name: Checkout PR Branch
+              uses: actions/checkout@v4
+
+            # Step 2: Set up JDK
+            - name: Set up JDK
+              uses: actions/setup-java@v4
+              with:
+                  distribution: 'temurin'
+                  java-version: '21'
+
+            # Step 3: Cache Maven Dependencies
+            - name: Cache Maven Dependencies
+              uses: actions/cache@v4
+              with:
+                  path: ~/.m2
+                  key: ${{ runner.os }}-m2-${{ hashFiles('calm-hub/pom.xml') }}
+                  restore-keys: |
+                      ${{ runner.os }}-m2-
+
+            # Step 4: Set up Docker (Required for Testcontainers)
+            - name: Set up Docker
+              uses: docker/setup-buildx-action@v3
+
+            # Step 5: Build and Test
+            - name: Build and Test
+              working-directory: calm-hub
+              run: mvn -P integration clean verify
@@ -1,35 +1,38 @@
 name: Build CLI
 
+permissions:
+    contents: read
+
 on:
-  pull_request:
-    branches:
-      - "main"
-  push:
-    branches:
-      - "main"
+    pull_request:
+        branches:
+            - 'main'
+    push:
+        branches:
+            - 'main'
 
 jobs:
-  cli:
-    name: Build, Test, and Lint CLI Module
-    runs-on: ubuntu-latest
+    cli:
+        name: Build, Test, and Lint CLI Module
+        runs-on: ubuntu-latest
 
-    steps:
-      - name: Checkout PR Branch
-        uses: actions/checkout@v4
+        steps:
+            - name: Checkout PR Branch
+              uses: actions/checkout@v4
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: v22
+            - name: Setup Node.js
+              uses: actions/setup-node@v4
+              with:
+                  node-version: v22
 
-      - name: Install workspace
-        run: npm ci
+            - name: Install workspace
+              run: npm ci
 
-      - name: Lint CLI Module
-        run: npm run lint --workspace=cli
+            - name: Lint CLI Module
+              run: npm run lint --workspace=cli
 
-      - name: Build workspace
-        run: npm run build:cli
+            - name: Build workspace
+              run: npm run build:cli
 
-      - name: Run tests with coverage for CLI
-        run: npm run test --workspace=cli
+            - name: Run tests with coverage for CLI
+              run: npm run test --workspace=cli
@@ -1,31 +1,34 @@
 name: Build Docs
 
+permissions:
+    contents: read
+
 on:
-  pull_request:
-    branches:
-      - "main"
-  push:
-    branches:
-      - "main"
+    pull_request:
+        branches:
+            - 'main'
+    push:
+        branches:
+            - 'main'
 
 jobs:
-  docs:
-    name: Build Docs Module
-    runs-on: ubuntu-latest
+    docs:
+        name: Build Docs Module
+        runs-on: ubuntu-latest
 
-    steps:
-      - name: Checkout PR Branch
-        uses: actions/checkout@v4
+        steps:
+            - name: Checkout PR Branch
+              uses: actions/checkout@v4
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: v22
-          cache: npm
-          cache-dependency-path: package-lock.json
+            - name: Setup Node.js
+              uses: actions/setup-node@v4
+              with:
+                  node-version: v22
+                  cache: npm
+                  cache-dependency-path: package-lock.json
 
-      - name: Install workspace
-        run: npm ci
+            - name: Install workspace
+              run: npm ci
 
-      - name: Build Docs
-        run: npm run build:docs
+            - name: Build Docs
+              run: npm run build:docs