From b2af0740e43e2f8906fd58f5c3f9cecadb1e8db9 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Tue, 1 Feb 2022 19:17:15 -0800 Subject: [PATCH] Remove `security-events: write` from tests This is not necessary. --- .github/workflows/__analyze-ref-input.yml | 2 -- .github/workflows/__debug-artifacts.yml | 2 -- .github/workflows/__extractor-ram-threads.yml | 2 -- .github/workflows/__go-custom-queries.yml | 2 -- .github/workflows/__go-custom-tracing-autobuild.yml | 2 -- .github/workflows/__go-custom-tracing.yml | 2 -- .github/workflows/__javascript-source-root.yml | 2 -- .github/workflows/__multi-language-autodetect.yml | 2 -- .github/workflows/__packaging-config-inputs-js.yml | 2 -- .github/workflows/__packaging-config-js.yml | 2 -- .github/workflows/__packaging-inputs-js.yml | 2 -- .github/workflows/__remote-config.yml | 2 -- .github/workflows/__rubocop-multi-language.yml | 2 -- .github/workflows/__split-workflow.yml | 2 -- .github/workflows/__test-local-codeql.yml | 2 -- .github/workflows/__test-proxy.yml | 2 -- .github/workflows/__test-ruby.yml | 2 -- .github/workflows/__unset-environment.yml | 2 -- .github/workflows/__upload-ref-sha-input.yml | 2 -- pr-checks/sync.py | 3 --- 20 files changed, 41 deletions(-) diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 6ce70b5fb..71997984b 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -35,8 +35,6 @@ jobs: - macos-latest - windows-latest name: "Analyze: 'ref' and 'sha' from inputs" - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__debug-artifacts.yml b/.github/workflows/__debug-artifacts.yml index d414e2428..d034ff894 100644 --- a/.github/workflows/__debug-artifacts.yml +++ b/.github/workflows/__debug-artifacts.yml @@ -32,8 +32,6 @@ jobs: - nightly-latest os: [ubuntu-latest, macos-latest] name: Debug artifact upload - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index d0e7bf187..dd916d568 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -26,8 +26,6 @@ jobs: version: [latest] os: [ubuntu-latest] name: Extractor ram and threads options test - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index 6c87a8e46..2e71b5cff 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -35,8 +35,6 @@ jobs: - macos-latest - windows-latest name: 'Go: Custom queries' - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__go-custom-tracing-autobuild.yml b/.github/workflows/__go-custom-tracing-autobuild.yml index 16643a0b6..6d2da9331 100644 --- a/.github/workflows/__go-custom-tracing-autobuild.yml +++ b/.github/workflows/__go-custom-tracing-autobuild.yml @@ -32,8 +32,6 @@ jobs: - nightly-latest os: [ubuntu-latest, macos-latest] name: 'Go: Autobuild custom tracing' - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__go-custom-tracing.yml b/.github/workflows/__go-custom-tracing.yml index 6cd67dab7..49bf78e67 100644 --- a/.github/workflows/__go-custom-tracing.yml +++ b/.github/workflows/__go-custom-tracing.yml @@ -35,8 +35,6 @@ jobs: - macos-latest - windows-latest name: 'Go: Custom tracing' - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index df4c4e787..44260b80b 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -26,8 +26,6 @@ jobs: version: [latest, cached, nightly-latest] # This feature is not compatible with old CLIs os: [ubuntu-latest] name: Custom source root - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 65df2321b..d7b43c477 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -32,8 +32,6 @@ jobs: - nightly-latest os: [ubuntu-latest, macos-latest] name: Multi-language repository - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 0a5a4fec2..824a0041b 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -26,8 +26,6 @@ jobs: version: [nightly-20210831] # This CLI version is known to work with package used in this test os: [ubuntu-latest, macos-latest] name: 'Packaging: Config and input' - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 2e96071f3..0a2ece98a 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -26,8 +26,6 @@ jobs: version: [nightly-20210831] # This CLI version is known to work with package used in this test os: [ubuntu-latest, macos-latest] name: 'Packaging: Config file' - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index d7fb4e0a2..686d6f32f 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -26,8 +26,6 @@ jobs: version: [nightly-20210831] # This CLI version is known to work with package used in this test os: [ubuntu-latest, macos-latest] name: 'Packaging: Action input' - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index e15cafdb4..4dd45d04c 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -35,8 +35,6 @@ jobs: - macos-latest - windows-latest name: Remote config file - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index d2f11f0f3..cc8f77bb1 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -32,8 +32,6 @@ jobs: - nightly-latest os: [ubuntu-latest] name: RuboCop multi-language - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index eb408c174..dc9d41116 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -26,8 +26,6 @@ jobs: version: [nightly-20210831] # This CLI version is known to work with package used in this test os: [ubuntu-latest, macos-latest] name: Split workflow - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index c5cbea166..c2e067cd5 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -26,8 +26,6 @@ jobs: version: [nightly-latest] os: [ubuntu-latest] name: Local CodeQL bundle - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index a203a8e80..582104acd 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -26,8 +26,6 @@ jobs: version: [latest] os: [ubuntu-latest] name: Proxy test - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__test-ruby.yml b/.github/workflows/__test-ruby.yml index 17baa790e..03979f130 100644 --- a/.github/workflows/__test-ruby.yml +++ b/.github/workflows/__test-ruby.yml @@ -26,8 +26,6 @@ jobs: version: [latest, cached, nightly-latest] os: [ubuntu-latest, macos-latest] name: Ruby analysis - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index c075a3c69..fbff545d5 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -32,8 +32,6 @@ jobs: - nightly-latest os: [ubuntu-latest] name: Test unsetting environment variables - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index e158f6ba7..72cf3b24d 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -35,8 +35,6 @@ jobs: - macos-latest - windows-latest name: "Upload-sarif: 'ref' and 'sha' from inputs" - permissions: - security-events: write runs-on: ${{ matrix.os }} steps: - name: Check out repository diff --git a/pr-checks/sync.py b/pr-checks/sync.py index dd6b234c0..0dc7efccf 100644 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -70,9 +70,6 @@ def writeHeader(checkStream): } }, 'name': checkSpecification['name'], - 'permissions': { - 'security-events': 'write' - }, 'runs-on': '${{ matrix.os }}', 'steps': steps }