.github/workflows/codeowners.yml→.github/workflows/codeowners-v2.yml +25 −10 name: Codeowners name: Codeowners v2 # This workflow depends on a GitHub App with the following permissions: # This workflow depends on two GitHub Apps with the following permissions: # - For checking code owners: # - Permissions: # - Repository > Administration: read-only # - Organization > Members: read-only # - Install App on this repository, setting these variables: # - OWNER_RO_APP_ID (variable) # - OWNER_RO_APP_PRIVATE_KEY (secret) # - For requesting code owners: # - Permissions: # - Repository > Administration: read-only # - Organization > Members: read-only # - Repository > Pull Requests: read-write # The App needs to be installed on this repository # the OWNER_APP_ID repository variable needs to be set # the OWNER_APP_PRIVATE_KEY repository secret needs to be set # - Install App on this repository, setting these variables: # - OWNER_APP_ID (variable) # - OWNER_APP_PRIVATE_KEY (secret) # # This split is done because checking code owners requires handling untrusted PR input, # while requesting code owners requires PR write access, and those shouldn't be mixed. on: pull_request_target: types: [opened, ready_for_review, synchronize, reopened, edited] # We don't need any default GitHub token permissions: {} env: OWNERS_FILE: ci/OWNERS # Don't do anything on draft PRs @@ -45,8 +60,8 @@ jobs: - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 id: app-token with: app-id: ${{ vars.OWNER_APP_ID }} private-key: ${{ secrets.OWNER_APP_PRIVATE_KEY }} app-id: ${{ vars.OWNER_RO_APP_ID }} private-key: ${{ secrets.OWNER_RO_APP_PRIVATE_KEY }} - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with:
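Review bot: The token step in the second hunk now reads `vars.OWNER_RO_APP_ID` / `secrets.OWNER_RO_APP_PRIVATE_KEY`, but nothing at that step says why, so a later edit could swap the write-capable `OWNER_APP_*` pair back into the job that handles untrusted PR input. I would add a comment directly above it, e.g. `# Read-only app only: this job processes untrusted PR content, never use OWNER_APP_* here`. Both keys appear to be repository-level secrets, so the split holds only as long as each job references the right pair; keeping the write app's key in a protected environment that the check job does not use would enforce it, if that fits the setup. The job body continues outside the hunk, so how the checkout that follows is configured cannot be confirmed from here.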
.github/workflows/editorconfig.yml→.github/workflows/editorconfig-v2.yml +4 −2 name: "Checking EditorConfig" name: "Checking EditorConfig v2" permissions: read-all permissions: pull-requests: read contents: read on: # avoids approving first time contributors
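Review bot: The new `permissions:` block grants `pull-requests: read` without saying what consumes it, which makes it hard to tell later whether that scope can be dropped; the identical block in nix-parse-v2.yml has the same gap. A one-line comment above the block would cover it, e.g. `# pull-requests: read is used to query the PR's changed files`, if that is indeed the consumer. The jobs are outside this section, so the reason given in that comment is an assumption to confirm against the steps.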
.github/workflows/manual-nixos.yml→.github/workflows/manual-nixos-v2.yml +3 −2 name: "Build NixOS manual" name: "Build NixOS manual v2" permissions: read-all permissions: contents: read on: pull_request_target:
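Review bot: The new `permissions: contents: read` block narrows only the default GITHUB_TOKEN; under `on: pull_request_target` any secret a step references is still available to the run, and this workflow presumably builds content taken from the PR. The jobs are outside this section, so that cannot be confirmed here, but it is worth checking that no step which evaluates PR code is handed a secret. A comment next to the block would record the limit, e.g. `# Limits GITHUB_TOKEN only; do not pass secrets to steps that build PR code`. The same applies to manual-nixpkgs-v2.yml.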
.github/workflows/manual-nixpkgs.yml→.github/workflows/manual-nixpkgs-v2.yml +3 −2 name: "Build Nixpkgs manual" name: "Build Nixpkgs manual v2" permissions: read-all permissions: contents: read on: pull_request_target:
.github/workflows/nix-parse.yml→.github/workflows/nix-parse-v2.yml +4 −2 name: "Check whether nix files are parseable" name: "Check whether nix files are parseable v2" permissions: read-all permissions: pull-requests: read contents: read on: # avoids approving first time contributors