From 172c265762bc2224ee47abd9f0aa358ad0662d4d Mon Sep 17 00:00:00 2001 From: "Project Mu UEFI Bot [bot]" <45776386+uefibot@users.noreply.github.com> Date: Wed, 31 Jan 2024 13:06:52 -0500 Subject: [PATCH] Repo File Sync: synced file(s) with microsoft/mu_devops (#239) --- .azurepipelines/MuDevOpsWrapper.yml | 2 +- .github/workflows/auto-approve.yml | 6 +++++- .github/workflows/auto-merge.yml | 8 +++++++- .github/workflows/issue-assignment.yml | 7 ++++++- .github/workflows/label-issues.yml | 7 ++++++- .github/workflows/label-sync.yml | 6 +++++- .github/workflows/pull-request-formatting-validator.yml | 5 +++++ .github/workflows/release-draft.yml | 7 ++++++- .github/workflows/scheduled-maintenance.yml | 5 +++++ .github/workflows/stale.yml | 7 ++++++- .github/workflows/triage-issues.yml | 6 +++++- 11 files changed, 57 insertions(+), 9 deletions(-) diff --git a/.azurepipelines/MuDevOpsWrapper.yml b/.azurepipelines/MuDevOpsWrapper.yml index 8556e1b4cc..a0e6236efd 100644 --- a/.azurepipelines/MuDevOpsWrapper.yml +++ b/.azurepipelines/MuDevOpsWrapper.yml @@ -19,7 +19,7 @@ resources: type: github endpoint: microsoft name: microsoft/mu_devops - ref: refs/tags/v7.2.0 + ref: refs/tags/v9.1.1 parameters: - name: do_ci_build diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index f136045896..fa4340652e 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -23,7 +23,11 @@ on: jobs: approval_check: + + permissions: + pull-requests: write + if: | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot' - uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v7.2.0 + uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.1.1 secrets: inherit diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index dd835308cc..dc4b1fe392 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -24,7 +24,13 @@ on: jobs: merge_check: + + permissions: + contents: read + pull-requests: write + issues: write + if: | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot' - uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v7.2.0 + uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v9.1.1 secrets: inherit diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml index 65d93fed26..f3b2367a6f 100644 --- a/.github/workflows/issue-assignment.yml +++ b/.github/workflows/issue-assignment.yml @@ -18,4 +18,9 @@ on: jobs: apply: - uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v7.2.0 + + permissions: + contents: read + issues: write + + uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v9.1.1 diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml index 739549e922..f5706cc641 100644 --- a/.github/workflows/label-issues.yml +++ b/.github/workflows/label-issues.yml @@ -31,4 +31,9 @@ on: jobs: apply: - uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v7.2.0 + + permissions: + contents: read + pull-requests: write + + uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v9.1.1 diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index 9289e064ce..c551f4022b 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -24,4 +24,8 @@ on: jobs: sync: - uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v7.2.0 + + permissions: + issues: write + + uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v9.1.1 diff --git a/.github/workflows/pull-request-formatting-validator.yml b/.github/workflows/pull-request-formatting-validator.yml index 13ad68a915..7032b62637 100644 --- a/.github/workflows/pull-request-formatting-validator.yml +++ b/.github/workflows/pull-request-formatting-validator.yml @@ -23,6 +23,11 @@ on: jobs: validate_pr: runs-on: ubuntu-latest + + permissions: + contents: read + pull-requests: write + steps: - run: | prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query=' diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml index ad79b83d8b..45c294ccd2 100644 --- a/.github/workflows/release-draft.yml +++ b/.github/workflows/release-draft.yml @@ -27,5 +27,10 @@ on: jobs: draft: - uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v7.2.0 + + permissions: + contents: write + pull-requests: write + + uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v9.1.1 secrets: inherit diff --git a/.github/workflows/scheduled-maintenance.yml b/.github/workflows/scheduled-maintenance.yml index 348f4a4ae8..eef4487f8d 100644 --- a/.github/workflows/scheduled-maintenance.yml +++ b/.github/workflows/scheduled-maintenance.yml @@ -24,6 +24,11 @@ on: jobs: repo_cleanup: runs-on: ubuntu-latest + + permissions: + pull-requests: write + issues: write + steps: - name: Get Repository Info run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 79087d5f79..eaa5419b17 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -24,4 +24,9 @@ on: jobs: check: - uses: microsoft/mu_devops/.github/workflows/Stale.yml@v7.2.0 + + permissions: + issues: write + pull-requests: write + + uses: microsoft/mu_devops/.github/workflows/Stale.yml@v9.1.1 diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml index 276e64b362..3d0636e84a 100644 --- a/.github/workflows/triage-issues.yml +++ b/.github/workflows/triage-issues.yml @@ -19,4 +19,8 @@ on: jobs: triage: - uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v7.2.0 + + permissions: + issues: write + + uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v9.1.1