test permissions (microsoft#1264)

olaoluwasalami · davorrunje · ekzhu · corleroux · commit 0d31df08dafe · 2024-01-30T03:01:04.000+02:00
* test permissions

* test least permissions

* remove contents permissions

* testing permisions

* Update deploy-website.yml permission block

---------

Co-authored-by: Davor Runje &lt;davor@airt.ai&gt;
Co-authored-by: Eric Zhu &lt;ekzhu@users.noreply.github.com&gt;
Co-authored-by: Chi Wang &lt;wang.chi@microsoft.com&gt;
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -19,7 +19,11 @@ on:
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref }}
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
-
+permissions: {}
+    # actions: read
+  # checks: read
+  # contents: read
+  # deployments: read
 jobs:
   build:
     runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/contrib-openai.yml b/.github/workflows/contrib-openai.yml
@@ -11,7 +11,11 @@ on:
       - 'test/agentchat/contrib/**'
       - '.github/workflows/contrib-openai.yml'
       - 'setup.py'
-
+permissions: {}
+    # actions: read
+  # checks: read
+  # contents: read
+  # deployments: read
 jobs:
   RetrieveChatTest:
     strategy:
diff --git a/.github/workflows/contrib-tests.yml b/.github/workflows/contrib-tests.yml
@@ -15,7 +15,11 @@ on:
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref }}
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
-
+permissions: {}
+    # actions: read
+  # checks: read
+  # contents: read
+  # deployments: read
 jobs:
   RetrieveChatTest:
     runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/deploy-website.yml b/.github/workflows/deploy-website.yml
@@ -16,7 +16,12 @@ on:
   workflow_dispatch:
   merge_group:
     types: [checks_requested]
-
+permissions:
+  pages: write
+    # actions: read
+  # checks: read
+  # contents: read
+  # deployments: read
 jobs:
   checks:
     if: github.event_name != 'push'
diff --git a/.github/workflows/dotnet-run-openai-test-and-notebooks.yml b/.github/workflows/dotnet-run-openai-test-and-notebooks.yml
@@ -7,7 +7,11 @@ on:
       - 'dotnet/**'
 env:
   BUILD_CONFIGURATION: Release    # set this to the appropriate build configuration
-
+permissions: {}
+    # actions: read
+  # checks: read
+  # contents: read
+  # deployments: read
 jobs:
   build:
     environment: dotnet
diff --git a/.github/workflows/openai.yml b/.github/workflows/openai.yml
@@ -12,6 +12,11 @@ on:
       - "notebook/agentchat_auto_feedback_from_code_execution.ipynb"
       - "notebook/agentchat_function_call.ipynb"
       - ".github/workflows/openai.yml"
+permissions: {}
+    # actions: read
+  # checks: read
+  # contents: read
+  # deployments: read
 
 jobs:
   test:
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -9,7 +9,11 @@ on:  # Trigger the workflow on pull request or merge
 defaults:
   run:
     shell: bash
-
+permissions: {}
+    # actions: read
+  # checks: read
+  # contents: read
+  # deployments: read
 jobs:
 
   pre-commit-check:
diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
@@ -7,7 +7,11 @@ name: python-package
 on:
   release:
     types: [published]
-
+permissions: {}
+  # actions: read
+  # checks: read
+  # contents: read
+  # deployments: read
 jobs:
   deploy:
     strategy:
