Skip to content

Commit a7bcf09

Browse files
authored
Merge branch 'main' into add-missing-permissions
2 parents 8744c25 + bca4826 commit a7bcf09

File tree

41 files changed

+729
-119
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

41 files changed

+729
-119
lines changed
Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
11
#!/bin/bash -e
22

3-
git config user.name opentelemetrybot
4-
git config user.email 107717825+opentelemetrybot@users.noreply.github.com
3+
git config user.name otelbot
4+
git config user.email 197425009+otelbot@users.noreply.github.com

.github/workflows/backport.yml

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,14 @@ on:
66
description: "The pull request # to backport"
77
required: true
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
backport:
14+
permissions:
15+
contents: write # required for pushing branches
16+
pull-requests: write # required for creating pull requests
1117
runs-on: ubuntu-latest
1218
permissions:
1319
contents: write # required for pushing changes
@@ -26,16 +32,22 @@ jobs:
2632
- name: Use CLA approved github bot
2733
run: .github/scripts/use-cla-approved-github-bot.sh
2834

35+
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
36+
id: otelbot-token
37+
with:
38+
app-id: ${{ vars.OTELBOT_APP_ID }}
39+
private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
40+
2941
- name: Create pull request
3042
env:
3143
NUMBER: ${{ github.event.inputs.number }}
3244
# not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
33-
GITHUB_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }}
45+
GITHUB_TOKEN: ${{ steps.otelbot-token.outputs.token }}
3446
run: |
3547
commit=$(gh pr view $NUMBER --json mergeCommit --jq .mergeCommit.oid)
3648
title=$(gh pr view $NUMBER --json title --jq .title)
3749
38-
branch="opentelemetrybot/backport-${NUMBER}-to-${GITHUB_REF_NAME//\//-}"
50+
branch="otelbot/backport-${NUMBER}-to-${GITHUB_REF_NAME//\//-}"
3951
4052
git cherry-pick $commit
4153
git push origin HEAD:$branch

.github/workflows/changelog.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,12 +10,15 @@ on:
1010
branches:
1111
- main
1212

13+
permissions:
14+
contents: read
15+
1316
jobs:
1417
changelog:
1518
runs-on: ubuntu-latest
1619
if: |
1720
!contains(github.event.pull_request.labels.*.name, 'Skip Changelog')
18-
&& github.actor != 'opentelemetrybot'
21+
&& github.actor != 'otelbot[bot]'
1922
2023
steps:
2124
- uses: actions/checkout@v4

.github/workflows/codeql-analysis.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,8 +14,13 @@ on:
1414
# * * * * *
1515
- cron: '30 1 * * *'
1616

17+
permissions:
18+
contents: read
19+
1720
jobs:
1821
CodeQL-Build:
22+
permissions:
23+
security-events: write # for github/codeql-action/analyze to upload SARIF results
1924
runs-on: ubuntu-latest
2025

2126
steps:

.github/workflows/component-owners.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ name: 'Component Owners'
66
on:
77
pull_request_target:
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
run_self:
1114
runs-on: ubuntu-latest

.github/workflows/core_contrib_test_0.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,9 @@ on:
1313
required: true
1414
type: string
1515

16+
permissions:
17+
contents: read
18+
1619
env:
1720
CORE_REPO_SHA: ${{ inputs.CORE_REPO_SHA }}
1821
CONTRIB_REPO_SHA: ${{ inputs.CONTRIB_REPO_SHA }}

.github/workflows/generate_workflows_lib/src/generate_workflows_lib/core_contrib_test.yml.j2

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,9 @@ on:
1313
required: true
1414
type: string
1515

16+
permissions:
17+
contents: read
18+
1619
env:
1720
CORE_REPO_SHA: ${% raw %}{{ inputs.CORE_REPO_SHA }}{% endraw %}
1821
CONTRIB_REPO_SHA: ${% raw %}{{ inputs.CONTRIB_REPO_SHA }}{% endraw %}

.github/workflows/generate_workflows_lib/src/generate_workflows_lib/lint.yml.j2

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
- 'release/*'
1010
pull_request:
1111

12+
permissions:
13+
contents: read
14+
1215
concurrency:
1316
group: ${% raw %}{{ github.workflow }}-${{ github.head_ref || github.run_id }}{% endraw %}
1417
cancel-in-progress: true

.github/workflows/generate_workflows_lib/src/generate_workflows_lib/misc.yml.j2

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
- 'release/*'
1010
pull_request:
1111

12+
permissions:
13+
contents: read
14+
1215
concurrency:
1316
group: ${% raw %}{{ github.workflow }}-${{ github.head_ref || github.run_id }}{% endraw %}
1417
cancel-in-progress: true
@@ -36,16 +39,16 @@ jobs:
3639
{%- if job_data == "generate-workflows" %}
3740
if: |
3841
!contains(github.event.pull_request.labels.*.name, 'Skip generate-workflows')
39-
&& github.event.pull_request.user.login != 'opentelemetrybot' && github.event_name == 'pull_request'
42+
&& github.event.pull_request.user.login != 'otelbot[bot]' && github.event_name == 'pull_request'
4043
{%- endif %}
4144
{%- if job_data == "public-symbols-check" %}
4245
if: |
4346
!contains(github.event.pull_request.labels.*.name, 'Approve Public API check')
44-
&& github.actor != 'opentelemetrybot' && github.event_name == 'pull_request'
47+
&& github.actor != 'otelbot[bot]' && github.event_name == 'pull_request'
4548
{%- endif %}
4649
{%- if job_data == "docs" %}
4750
if: |
48-
github.event.pull_request.user.login != 'opentelemetrybot' && github.event_name == 'pull_request'
51+
github.event.pull_request.user.login != 'otelbot[bot]' && github.event_name == 'pull_request'
4952
{%- endif %}
5053
steps:
5154
- name: Checkout repo @ SHA - ${% raw %}{{ github.sha }}{% endraw %}

.github/workflows/generate_workflows_lib/src/generate_workflows_lib/test.yml.j2

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
- 'release/*'
1010
pull_request:
1111

12+
permissions:
13+
contents: read
14+
1215
concurrency:
1316
group: ${% raw %}{{ github.workflow }}-${{ github.head_ref || github.run_id }}{% endraw %}
1417
cancel-in-progress: true

0 commit comments

Comments
 (0)