Change default workflow permissions of some repos to read #15

Merged
merged 1 commit into from
Feb 10, 2024

@thegecko thegecko commented Feb 10, 2024

As discussed in #14 (comment) we can lock down workflow permissions further and specify what's needed explicitly in the workflow definitions.

This locks down the repos I manage; they have had the permissions added (e.g. eclipse-cdt-cloud/vscode-peripheral-inspector#17).

cc @netomi

Diff for 7756cde:
Printing local diff:

Actions are indicated with the following symbols:
+   create
!   modify
!   forced update
-   delete

Organization ecd.cdt-cloud[id=eclipse-cdt-cloud]
  there have been 7 validation infos, enable verbose output with '-v' to to display them.

  
!   repo_workflow_settings[repository="vscode-memory-inspector"] {
!     default_workflow_permissions      = "write" -> "read"
!   }

  
!   repo_workflow_settings[repository="vscode-peripheral-inspector"] {
!     default_workflow_permissions      = "write" -> "read"
!   }

  
!   repo_workflow_settings[repository="vscode-websocket-adapter"] {
!     default_workflow_permissions      = "write" -> "read"
!   }
  
  Plan: 0 to add, 3 to change, 0 to delete.
Canonical Diff for 7756cde:
Showing canonical diff:

Organization ecd.cdt-cloud[id=eclipse-cdt-cloud]

--- canonical
+++ original
@@ -1,16 +1,13 @@
 local orgs = import 'vendor/otterdog-defaults/otterdog-defaults.libsonnet';
 
-local custom_branch_protection_rule(pattern) = 
-  orgs.newBranchProtectionRule(pattern) {
-
-    required_approving_review_count: 0
-  };
 orgs.newOrg('eclipse-cdt-cloud') {
   _repositories+:: [
     orgs.newRepo('cdt-amalgamator') {
       allow_update_branch: false
       branch_protection_rules: [
-        custom_branch_protection_rule('main')
+        orgs.newBranchProtectionRule('main') {
+          required_approving_review_count: 0
+        }
       ]
       delete_branch_on_merge: false
       web_commit_signoff_required: false
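Review bot: `required_approving_review_count: 0` on the `main` rule for cdt-amalgamator means the rule asks for no approving review, and the same three-line override is written out again for cdt-gdb-adapter and cdt-gdb-vscode in the next two hunks. The other side of this diff expresses it once as `local custom_branch_protection_rule(pattern)`; adopting that helper, with a comment saying why zero approvals is acceptable for these repos, would keep the exception in one place and make it easier to tighten later.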
@@ -56,7 +53,9 @@
     orgs.newRepo('cdt-gdb-adapter') {
       allow_update_branch: false
       branch_protection_rules: [
-        custom_branch_protection_rule('main')
+        orgs.newBranchProtectionRule('main') {
+          required_approving_review_count: 0
+        }
       ]
       delete_branch_on_merge: false
       dependabot_security_updates_enabled: true
@@ -75,7 +74,9 @@
     orgs.newRepo('cdt-gdb-vscode') {
       allow_update_branch: false
       branch_protection_rules: [
-        custom_branch_protection_rule('main')
+        orgs.newBranchProtectionRule('main') {
+          required_approving_review_count: 0
+        }
       ]
       delete_branch_on_merge: false
       dependabot_security_updates_enabled: true
@@ -293,13 +294,10 @@
           requires_strict_status_checks: true
         }
       ]
-      default_branch: "main"
-      delete_branch_on_merge: true
       description: "Fork of the VS Code extension for clangd with added support for multiple projects"
-      forked_repository: "clangd/vscode-clangd"
       homepage: "https://eclipse.dev/cdt-cloud"
-      topics: [
-        "clangd", 
+      topics+: [
+        "clangd"
         "vscode-extension"
       ]
       web_commit_signoff_required: false
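Review bot: `topics+: [` on the `+` side extends whatever topic list is inherited, while the `-` side assigns `topics: [` outright; pick the one that is intended, since the two diverge as soon as the defaults carry any topics. In the same list `"clangd"` is shown without a comma before `"vscode-extension"`, so check that the separator is present in the file.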
@@ -307,36 +305,23 @@
     orgs.newRepo('vscode-memory-inspector') {
       allow_merge_commit: true
       allow_update_branch: false
-      delete_branch_on_merge: true
       description: "vscode memory inspector"
       homepage: "https://open-vsx.org/extension/eclipse-cdt/memory-inspector"
       web_commit_signoff_required: false
-      workflows+: {
-        default_workflow_permissions: "read"
-      }
     }
     orgs.newRepo('vscode-peripheral-inspector') {
-      aliases: ['vscode-svd-viewer']
       allow_merge_commit: true
       allow_update_branch: false
-      delete_branch_on_merge: true
       description: "vscode peripheral inspector"
       homepage: "https://open-vsx.org/extension/eclipse-cdt/peripheral-inspector"
       web_commit_signoff_required: false
-      workflows+: {
-        default_workflow_permissions: "read"
-      }
     }
     orgs.newRepo('vscode-serial-monitor') {
       allow_merge_commit: true
       allow_update_branch: false
-      delete_branch_on_merge: true
       description: "vscode serial monitor"
       homepage: "https://open-vsx.org/extension/eclipse-cdt/serial-monitor"
       web_commit_signoff_required: false
-      workflows+: {
-        default_workflow_permissions: "read"
-      }
     }
     orgs.newRepo('vscode-trace-extension') {
       allow_merge_commit: true
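Review bot: the `workflows+: { default_workflow_permissions: "read" }` block under `vscode-serial-monitor` has no matching entry in the plan output above, which lists only vscode-memory-inspector, vscode-peripheral-inspector and vscode-websocket-adapter as changing "write" -> "read". Please confirm that vscode-serial-monitor was already on "read" and that its workflows declare the permissions they need, so all four repos end up handled the same way.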
@@ -394,14 +379,10 @@
     orgs.newRepo('vscode-websocket-adapter') {
       allow_merge_commit: true
       allow_update_branch: false
-      delete_branch_on_merge: true
       description: "vscode websocket adapter"
       has_wiki: false
       homepage: "https://open-vsx.org/extension/eclipse-cdt/websocket-adapter"
       web_commit_signoff_required: false
-      workflows+: {
-        default_workflow_permissions: "read"
-      }
     }
     orgs.newRepo('website') {
       allow_merge_commit: true
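Review bot: for `vscode-websocket-adapter`, the description links only eclipse-cdt-cloud/vscode-peripheral-inspector#17 as the change that added explicit permissions to the workflows. Linking the equivalent changes for vscode-websocket-adapter and vscode-memory-inspector would let a reviewer confirm that no job needing write access is left depending on the old "write" default once `default_workflow_permissions: "read"` applies.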

@thegecko thegecko changed the title from "Update eclipse-cdt-cloud.jsonnet" to "Change default workflow permissions of some repos to read" Feb 10, 2024
@netomi netomi merged commit 9488a03 into eclipse-cdt-cloud:main Feb 10, 2024
2 checks passed
netomi commented Feb 10, 2024

changes are live.

@thegecko thegecko deleted the patch-3 branch February 10, 2024 11:03
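
A pre-flight check for the change discussed in this pull request, as an added example (not code from this repository or from otterdog): before a repository's default is switched to "read", list the workflow jobs that declare no `permissions:` of their own and would therefore inherit the new default. The function name, the sample workflows and the two-space indentation assumption are illustrative.

```python
import re

# Constructed sample workflow (not from any repository named on this page).
SAMPLE_IMPLICIT = """\
name: release
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: npm ci
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - run: echo publish
"""
# Same workflow with a workflow-level block added at the top.
SAMPLE_EXPLICIT = "permissions:\n  contents: read\n" + SAMPLE_IMPLICIT

def jobs_relying_on_default(workflow_text):
    """Return the jobs that inherit the repository's default token permissions.

    A job is covered if the workflow has a top-level `permissions:` key or the
    job sets its own. Assumption: block-style YAML indented by two spaces.
    """
    top_level = False
    in_jobs = False
    current = None
    jobs = {}  # job name -> job has its own `permissions:` key
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        match = re.match(r" *([A-Za-z0-9_-]+) *:", line)
        key = match.group(1) if match else None
        if indent == 0:
            in_jobs = key == "jobs"
            top_level = top_level or key == "permissions"
            current = None
        elif in_jobs and indent == 2 and key:
            current = key
            jobs[current] = False
        elif in_jobs and indent == 4 and current and key == "permissions":
            jobs[current] = True
    if top_level:
        return []
    return sorted(name for name, own in jobs.items() if not own)
```

Jobs it reports are not necessarily broken under a "read" default; they are the ones to review for steps that push, tag, release or comment.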