chore(ci): update permission (#2247)

skyzh · web-flow · commit 538bdcd3b44b · 2022-05-03T05:04:53.000Z
* chore(ci): update permission

Signed-off-by: Alex Chi &lt;iskyzh@gmail.com&gt;

* allow contents write

Signed-off-by: Alex Chi &lt;iskyzh@gmail.com&gt;
diff --git a/.github/workflow-template/main-cron.yml b/.github/workflow-template/main-cron.yml
@@ -5,11 +5,13 @@ name: CI (main-cronjob)
 on:
   # Triggers the workflow everyday 00:00
   schedule:
-    - cron: '0 0 * * *'
+    - cron: "0 0 * * *"
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
+permissions: write-all
+
 jobs:
   start-runner-c:
     name: ec2-start-c
@@ -57,4 +59,3 @@ jobs:
           label: ${{ needs.start-runner-c.outputs.label }}
           ec2-instance-id: ${{ needs.start-runner-c.outputs.ec2-instance-id }}
         if: ${{ always() }}
-
diff --git a/.github/workflow-template/main-override.yml b/.github/workflow-template/main-override.yml
@@ -12,6 +12,10 @@ on:
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
+permissions:
+  id-token: write
+  contents: write
+
 jobs:
   start-runner-c:
     name: ec2-start-c
diff --git a/.github/workflow-template/pr-override.yml b/.github/workflow-template/pr-override.yml
@@ -12,3 +12,7 @@ on:
 concurrency:
   group: environment-${{ github.ref }}
   cancel-in-progress: true
+
+permissions:
+  id-token: write
+  contents: read # This is required for actions/checkout
diff --git a/.github/workflow-template/template.yml b/.github/workflow-template/template.yml
@@ -16,8 +16,6 @@ env:
   AWS_ROLE_TO_ASSUME: arn:aws:iam::639303875316:role/Create-IAM-Role-for-Configure-AWS-Credentials-Role-1NF1LWROB80QG
 
 permissions:
-      id-token: write
-      contents: read    # This is required for actions/checkout
 
 jobs:
   # Start 2 runners (a/b) to run build and test in parallel. Note that we also have runner C in main for release build.
diff --git a/.github/workflows/main-cron.yml b/.github/workflows/main-cron.yml
@@ -8,7 +8,7 @@
 name: CI (main-cronjob)
 on:
   schedule:
-    - cron: '0 0 * * *'
+    - cron: "0 0 * * *"
   workflow_dispatch:
 env:
   RUST_TOOLCHAIN: nightly-2022-04-09
@@ -20,9 +20,7 @@ env:
   RUSTFLAGS: -D warnings
   PROTOC_NO_VENDOR: true
   AWS_ROLE_TO_ASSUME: arn:aws:iam::639303875316:role/Create-IAM-Role-for-Configure-AWS-Credentials-Role-1NF1LWROB80QG
-permissions:
-  id-token: write
-  contents: read
+permissions: write-all
 jobs:
   start-runner-a:
     name: ec2-start-a
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -24,7 +24,7 @@ env:
   AWS_ROLE_TO_ASSUME: arn:aws:iam::639303875316:role/Create-IAM-Role-for-Configure-AWS-Credentials-Role-1NF1LWROB80QG
 permissions:
   id-token: write
-  contents: read
+  contents: write
 jobs:
   start-runner-a:
     name: ec2-start-a
diff --git a/src/frontend/test_runner/tests/testdata/tpch.yaml b/src/frontend/test_runner/tests/testdata/tpch.yaml
