[TESTING] Possible fix for regression Part 3.

### ChangeLog:

Changes in file .github/workflows/Labeler.yml:
 Unknown Changes

Changes in file .github/workflows/Tests.yml:
 jobs:

Changes in file .github/workflows/bandit.yml:
 jobs:

Changes in file .github/workflows/codeql-analysis.yml:
 jobs:

Changes in file .github/workflows/makefile-lint.yml:
 Unknown Changes

Changes in file .github/workflows/markdown-lint.yml:
 Unknown Changes

Changes in file .github/workflows/yaml-lint.yml:
 Unknown Changes

Author: reactive-firewall

.github/workflows/Labeler.yml

@@ -2,7 +2,7 @@ name: "Pull Request Labeler"
 on:
   pull_request_target:
     types: [opened, reopened]
-    branches: [ master, stable ]
+    branches: ["master", "stable"]
 
 # Declare default permissions as none.
 permissions: {}

.github/workflows/Tests.yml

@@ -1,9 +1,10 @@
 name: CI
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - master
       - stable
+      - HOTFIX-*
     tags:
       - v*
   pull_request:
@@ -14,11 +15,18 @@ on:
       - synchronize
       - ready_for_review
 
-# Declare default permissions as read only.
-permissions: read-all
+# Declare default permissions as none.
+permissions: {}
 
 jobs:
   BUILD:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: github.repository == 'reactive-firewall/multicast'
     runs-on: ubuntu-latest
     defaults:
@@ -43,6 +51,13 @@ jobs:
 
 
   BOOTSTRAP:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: ${{ !cancelled() }}
     needs: BUILD
     runs-on: ubuntu-latest
@@ -124,6 +139,13 @@ jobs:
 
 
   MATS:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: ${{ !cancelled() }}
     needs: BUILD
     runs-on: ubuntu-latest
@@ -167,6 +189,13 @@ jobs:
 
 
   COVERAGE:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: ${{ success() }}
     needs: [BUILD, MATS]
     runs-on: ${{ matrix.os }}
@@ -251,6 +280,13 @@ jobs:
 
 
   STYLE:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: ${{ success() }}
     needs: [BUILD, MATS]
     runs-on: ubuntu-latest
@@ -289,6 +325,13 @@ jobs:
 
 
   INTEGRATION:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: ${{ success() }}
     needs: [MATS, COVERAGE]
     runs-on: ${{ matrix.os }}
@@ -398,6 +441,13 @@ jobs:
 
 
   EXTRAS-FOR-SETUP:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: ${{ success() }}
     needs: [BOOTSTRAP, MATS]
     runs-on: ${{ matrix.os }}
@@ -471,6 +521,13 @@ jobs:
 
 
   EXTRAS-FOR-PIP:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: ${{ !cancelled() }}
     needs: [BOOTSTRAP, MATS]
     runs-on: ubuntu-latest
@@ -519,6 +576,13 @@ jobs:
 
 
   DOCS:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: ${{ !cancelled() }}
     needs: [MATS, COVERAGE, EXTRAS-FOR-SETUP, EXTRAS-FOR-PIP]
     runs-on: ${{ matrix.os }}
@@ -578,6 +642,13 @@ jobs:
 
 
   TOX:
+    permissions:
+      actions: read
+      contents: read
+      statuses: write
+      packages: none
+      pull-requests: read
+      security-events: none
     if: ${{ success() }}
     needs: [MATS, STYLE, COVERAGE, INTEGRATION, DOCS]
     runs-on: ubuntu-latest

.github/workflows/bandit.yml

@@ -11,12 +11,12 @@
 # https://pypi.org/project/bandit/ is Apache v2.0 licensed, by PyCQA
 
 name: Bandit
-on:
+on:  # yamllint disable-line rule:truthy
   push:
-    branches: [ "master", "stable", feature-*, HOTFIX-* ]
+    branches: ["master", "stable", feature-*, patch-*, HOTFIX-*]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "master", "stable" ]
+    branches: ["master", "stable"]
 
 permissions: {}
 
@@ -48,4 +48,3 @@ jobs:
           # skips: # optional, default is DEFAULT
           # path to a .bandit file that supplies command line arguments
           # ini_path: # optional, default is DEFAULT
-

.github/workflows/codeql-analysis.yml

@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master, stable ]
+    branches: ["master", "stable"]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ stable ]
+    branches: ["master", "stable"]
   schedule:
     - cron: '17 5 * * 1'
 
@@ -32,8 +32,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'python', 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        language: ['python', 'javascript']
+        # CodeQL supports ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby']
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:

.github/workflows/makefile-lint.yml

@@ -3,7 +3,7 @@
 name: Makefile Lint
 on:  # yamllint disable-line rule:truthy
   push:
-    branches: ["main", "master", "stable", feature*]
+    branches: ["main", "master", "stable", patch-*, feature-*, HOTFIX-*]
   pull_request:
     branches: ["main", "master", "stable"]
 

.github/workflows/markdown-lint.yml

@@ -1,9 +1,9 @@
 # .github/workflows/markdown-lint.yml
 ---
 name: Markdown Lint
-on:
+on:  # yamllint disable-line rule:truthy
   push:
-    branches: ["main", "master", draft, draft*]
+    branches: ["master", "stable", feature-*, patch-*, HOTFIX-*]
   pull_request:
     branches: ["main", "master"]
 

.github/workflows/yaml-lint.yml

@@ -3,7 +3,7 @@
 name: YAML Lint
 on:  # yamllint disable-line rule:truthy
   push:
-    branches: ["main", "master", "stable", feature*]
+    branches: ["master", "stable", feature-*, patch-*, HOTFIX-*]
   pull_request:
     branches: ["main", "master", "stable"]