From 28b24f76d3391a0e9ae53daa649d42d3b0bee36e Mon Sep 17 00:00:00 2001 From: "Project Mu UEFI Bot [bot]" <45776386+uefibot@users.noreply.github.com> Date: Wed, 31 Jan 2024 13:44:47 -0500 Subject: [PATCH] Repo File Sync: synced file(s) with microsoft/mu_devops (#836) --- .azurepipelines/MuDevOpsWrapper.yml | 2 +- .github/workflows/auto-approve.yml | 6 +++++- .github/workflows/auto-merge.yml | 8 +++++++- .github/workflows/issue-assignment.yml | 7 ++++++- .github/workflows/label-issues.yml | 7 ++++++- .github/workflows/label-sync.yml | 6 +++++- .github/workflows/pull-request-formatting-validator.yml | 5 +++++ .github/workflows/release-draft.yml | 7 ++++++- .github/workflows/scheduled-maintenance.yml | 5 +++++ .github/workflows/stale.yml | 7 ++++++- .github/workflows/submodule-release-update.yml | 6 +++++- .github/workflows/triage-issues.yml | 6 +++++- 12 files changed, 62 insertions(+), 10 deletions(-) diff --git a/.azurepipelines/MuDevOpsWrapper.yml b/.azurepipelines/MuDevOpsWrapper.yml index a0e62896c..a1babf889 100644 --- a/.azurepipelines/MuDevOpsWrapper.yml +++ b/.azurepipelines/MuDevOpsWrapper.yml @@ -19,7 +19,7 @@ resources: type: github endpoint: microsoft name: microsoft/mu_devops - ref: refs/tags/v9.0.1 + ref: refs/tags/v9.1.1 parameters: - name: do_ci_build diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index ddb104422..fa4340652 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -23,7 +23,11 @@ on: jobs: approval_check: + + permissions: + pull-requests: write + if: | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot' - uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.0.1 + uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.1.1 secrets: inherit diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index fd3fc00b2..dc4b1fe39 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -24,7 +24,13 @@ on: jobs: merge_check: + + permissions: + contents: read + pull-requests: write + issues: write + if: | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot' - uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v9.0.1 + uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v9.1.1 secrets: inherit diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml index 5a0cf8882..f3b2367a6 100644 --- a/.github/workflows/issue-assignment.yml +++ b/.github/workflows/issue-assignment.yml @@ -18,4 +18,9 @@ on: jobs: apply: - uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v9.0.1 + + permissions: + contents: read + issues: write + + uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v9.1.1 diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml index 3319ac23e..f5706cc64 100644 --- a/.github/workflows/label-issues.yml +++ b/.github/workflows/label-issues.yml @@ -31,4 +31,9 @@ on: jobs: apply: - uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v9.0.1 + + permissions: + contents: read + pull-requests: write + + uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v9.1.1 diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index 7cf4ee76d..c551f4022 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -24,4 +24,8 @@ on: jobs: sync: - uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v9.0.1 + + permissions: + issues: write + + uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v9.1.1 diff --git a/.github/workflows/pull-request-formatting-validator.yml b/.github/workflows/pull-request-formatting-validator.yml index 13ad68a91..7032b6263 100644 --- a/.github/workflows/pull-request-formatting-validator.yml +++ b/.github/workflows/pull-request-formatting-validator.yml @@ -23,6 +23,11 @@ on: jobs: validate_pr: runs-on: ubuntu-latest + + permissions: + contents: read + pull-requests: write + steps: - run: | prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query=' diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml index 023ef4046..646fe06b7 100644 --- a/.github/workflows/release-draft.yml +++ b/.github/workflows/release-draft.yml @@ -27,5 +27,10 @@ on: jobs: draft: - uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v9.0.1 + + permissions: + contents: write + pull-requests: write + + uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v9.1.1 secrets: inherit diff --git a/.github/workflows/scheduled-maintenance.yml b/.github/workflows/scheduled-maintenance.yml index 348f4a4ae..eef4487f8 100644 --- a/.github/workflows/scheduled-maintenance.yml +++ b/.github/workflows/scheduled-maintenance.yml @@ -24,6 +24,11 @@ on: jobs: repo_cleanup: runs-on: ubuntu-latest + + permissions: + pull-requests: write + issues: write + steps: - name: Get Repository Info run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 29095b3c7..eaa5419b1 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -24,4 +24,9 @@ on: jobs: check: - uses: microsoft/mu_devops/.github/workflows/Stale.yml@v9.0.1 + + permissions: + issues: write + pull-requests: write + + uses: microsoft/mu_devops/.github/workflows/Stale.yml@v9.1.1 diff --git a/.github/workflows/submodule-release-update.yml b/.github/workflows/submodule-release-update.yml index d4abeb4c9..f915d91d7 100644 --- a/.github/workflows/submodule-release-update.yml +++ b/.github/workflows/submodule-release-update.yml @@ -23,9 +23,13 @@ jobs: name: Check for Submodule Releases runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: - name: Update Submodules to Latest Release - uses: microsoft/mu_devops/.github/actions/submodule-release-updater@v9.0.1 + uses: microsoft/mu_devops/.github/actions/submodule-release-updater@v9.1.1 with: GH_PAT: ${{ secrets.SUBMODULE_UPDATER_TOKEN }} GH_USER: "ProjectMuBot" diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml index 89451cb70..3d0636e84 100644 --- a/.github/workflows/triage-issues.yml +++ b/.github/workflows/triage-issues.yml @@ -19,4 +19,8 @@ on: jobs: triage: - uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v9.0.1 + + permissions: + issues: write + + uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v9.1.1