From ace254a57999f33165624d7b6d77fc2175d6fac3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20G=C3=B3mez=20Escandell?= Date: Mon, 23 Oct 2023 09:27:52 +0200 Subject: [PATCH 1/3] Point to feature branch in Desktop Eng repository --- .github/workflows/qa.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/qa.yaml b/.github/workflows/qa.yaml index f33bfa50f..1e053881f 100644 --- a/.github/workflows/qa.yaml +++ b/.github/workflows/qa.yaml @@ -64,8 +64,9 @@ jobs: run: | dart pub global activate protoc_plugin - name: Quality check - uses: canonical/desktop-engineering/gh-actions/go/code-sanity@main + uses: canonical/desktop-engineering/gh-actions/go/code-sanity@setup-grpc-github-token with: + github-token: ${{ github.token}} working-directory: ${{ matrix.subproject }} go-tags: gowslmock tools-directory: ${{ github.workspace }}/tools From c5ddac5b791cc6334c75ce212a20fd20e5a21e48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20G=C3=B3mez=20Escandell?= Date: Mon, 23 Oct 2023 10:30:18 +0200 Subject: [PATCH 2/3] Disable all GITHUB_TOKEN permissions --- .github/workflows/qa.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/qa.yaml b/.github/workflows/qa.yaml index 1e053881f..abfb9dc59 100644 --- a/.github/workflows/qa.yaml +++ b/.github/workflows/qa.yaml @@ -37,6 +37,7 @@ jobs: needs-flutter: true runs-on: ${{ matrix.os }}-latest + permissions: {} steps: - name: Set up git # This step needs to be done before checkout so that the checkout respects clrf From c362fda6ee34b3700c7f5e47ba73bcfc30d07604 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20G=C3=B3mez=20Escandell?= Date: Mon, 23 Oct 2023 10:44:49 +0200 Subject: [PATCH 3/3] "Enable contents: read" --- .github/workflows/qa.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/qa.yaml b/.github/workflows/qa.yaml index abfb9dc59..f61461806 100644 --- a/.github/workflows/qa.yaml +++ b/.github/workflows/qa.yaml @@ -37,7 +37,8 @@ jobs: needs-flutter: true runs-on: ${{ matrix.os }}-latest - permissions: {} + permissions: + contents: read steps: - name: Set up git # This step needs to be done before checkout so that the checkout respects clrf