From b25111e97e4e5013fe9e281d19bf09b35f290e4f Mon Sep 17 00:00:00 2001 From: Yuta Kasai Date: Wed, 26 Mar 2025 22:22:29 +0900 Subject: [PATCH 1/5] NO-ISSUE Grant minimum permission for check-eol-newrelease --- .github/workflows/check-eol-newrelease.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/check-eol-newrelease.yml b/.github/workflows/check-eol-newrelease.yml index 52c79f03..ee6b82b1 100644 --- a/.github/workflows/check-eol-newrelease.yml +++ b/.github/workflows/check-eol-newrelease.yml @@ -9,6 +9,9 @@ on: jobs: check-eol-newrelease: runs-on: ubuntu-latest + permissions: + contents: read + issues: write steps: - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 From 4f0c97de72490265a9c483257f1342abae2bba20 Mon Sep 17 00:00:00 2001 From: Yuta Kasai Date: Wed, 26 Mar 2025 22:38:04 +0900 Subject: [PATCH 2/5] NO-ISSUE Grant minimum permission for create-draft-release --- .github/workflows/create-draft-release.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-draft-release.yml b/.github/workflows/create-draft-release.yml index 75165a83..5d4aebf4 100644 --- a/.github/workflows/create-draft-release.yml +++ b/.github/workflows/create-draft-release.yml @@ -26,6 +26,7 @@ on: jobs: validate-input: runs-on: ubuntu-latest + permissions: {} steps: - name: Validate Acknowledgement if: ${{ github.event.inputs.acknowledge_draft != 'Yes' }} @@ -41,7 +42,8 @@ jobs: create-draft-release: runs-on: ubuntu-latest needs: validate-input - + permissions: + contents: write steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Fetch Latest Release From a7a31910695f48500b72d39e5a07feb30bfdeb84 Mon Sep 17 00:00:00 2001 From: Yuta Kasai Date: Wed, 26 Mar 2025 22:52:37 +0900 Subject: [PATCH 3/5] NO-ISSUE Grant minimum permission for test --- .github/workflows/pull_request.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 901e4631..332bb358 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -8,6 +8,8 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: + contents: read strategy: matrix: # https://www.ruby-lang.org/en/downloads/branches/ From 6d76c52aec2099cb93f31f6648a9d7241dd424b9 Mon Sep 17 00:00:00 2001 From: Yuta Kasai Date: Wed, 26 Mar 2025 23:31:47 +0900 Subject: [PATCH 4/5] NO-ISSUE update line-openapi --- line-openapi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/line-openapi b/line-openapi index 9dec0f84..cc542e3c 160000 --- a/line-openapi +++ b/line-openapi @@ -1 +1 @@ -Subproject commit 9dec0f8428ed1f422e718ed4e51b917d92fb9046 +Subproject commit cc542e3cf99e2f0be68507ef5d5fde47d9fae5f9 From 9d8eb8dc59b45e81456cf787fc77a7d5adf7c432 Mon Sep 17 00:00:00 2001 From: Yuta Kasai Date: Thu, 27 Mar 2025 08:42:17 +0900 Subject: [PATCH 5/5] NO-ISSUE Run cronjob only in original repo --- .github/workflows/check-eol-newrelease.yml | 1 + .github/workflows/close-issue.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/check-eol-newrelease.yml b/.github/workflows/check-eol-newrelease.yml index ee6b82b1..5e88f340 100644 --- a/.github/workflows/check-eol-newrelease.yml +++ b/.github/workflows/check-eol-newrelease.yml @@ -12,6 +12,7 @@ jobs: permissions: contents: read issues: write + if: github.repository == 'line/line-bot-sdk-ruby' steps: - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/close-issue.yml b/.github/workflows/close-issue.yml index 31e4ad3a..ac2b6ee2 100644 --- a/.github/workflows/close-issue.yml +++ b/.github/workflows/close-issue.yml @@ -11,6 +11,7 @@ jobs: permissions: issues: write pull-requests: write + if: github.repository == 'line/line-bot-sdk-ruby' steps: - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: