(shardingsphere) branch master updated: workflow: add permissions for read access in multiple YAML files (#38252)

Fri, 27 Feb 2026 04:33:03 -0800 

This is an automated email from the ASF dual-hosted git repository.

zhonghongsheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git


The following commit(s) were added to refs/heads/master by this push:
     new 6d9c2232bfd workflow: add permissions for read access in multiple YAML 
files (#38252)
6d9c2232bfd is described below

commit 6d9c2232bfd92fcb2278ffddb7303f6f0b9727f6
Author: Hongsheng Zhong <[email protected]>
AuthorDate: Fri Feb 27 20:32:19 2026 +0800

    workflow: add permissions for read access in multiple YAML files (#38252)
---
 .github/workflows/ci.yml                    | 3 +++
 .github/workflows/e2e-agent.yml             | 3 +++
 .github/workflows/e2e-operation.yml         | 3 +++
 .github/workflows/e2e-sql.yml               | 3 +++
 .github/workflows/graalvm.yml               | 3 +++
 .github/workflows/nightly-build.yml         | 3 +++
 .github/workflows/nightly-check.yml         | 3 +++
 .github/workflows/nightly-ci.yml            | 3 +++
 .github/workflows/nightly-e2e-agent.yml     | 3 +++
 .github/workflows/nightly-e2e-operation.yml | 3 +++
 .github/workflows/nightly-e2e-sql.yml       | 3 +++
 .github/workflows/nightly-sql-parser.yml    | 3 +++
 .github/workflows/required-check.yml        | 3 +++
 .github/workflows/required-reusable.yml     | 3 +++
 .github/workflows/schedule-report.yml       | 3 +++
 15 files changed, 45 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 092ee75045d..68317d05bbd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -38,6 +38,9 @@ concurrency:
   group: ci-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3 -Dspotless.apply.skip=true
 
diff --git a/.github/workflows/e2e-agent.yml b/.github/workflows/e2e-agent.yml
index 1fa8fbcfa02..9b021c74815 100644
--- a/.github/workflows/e2e-agent.yml
+++ b/.github/workflows/e2e-agent.yml
@@ -38,6 +38,9 @@ concurrency:
   group: e2e-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3 -Dspotless.apply.skip=true
 
diff --git a/.github/workflows/e2e-operation.yml 
b/.github/workflows/e2e-operation.yml
index ed177717887..609b96eb6b1 100644
--- a/.github/workflows/e2e-operation.yml
+++ b/.github/workflows/e2e-operation.yml
@@ -28,6 +28,9 @@ concurrency:
   group: e2e-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3 -Dspotless.apply.skip=true 
-Dfailsafe.skipAfterFailureCount=1 -Dio.netty.leakDetectionLevel=advanced
 
diff --git a/.github/workflows/e2e-sql.yml b/.github/workflows/e2e-sql.yml
index 80cb4a7433d..8cd0beb9a62 100644
--- a/.github/workflows/e2e-sql.yml
+++ b/.github/workflows/e2e-sql.yml
@@ -41,6 +41,9 @@ concurrency:
   group: e2e-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3 -Dspotless.apply.skip=true
   SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1
diff --git a/.github/workflows/graalvm.yml b/.github/workflows/graalvm.yml
index 090a121f6cd..ea853fe7e76 100644
--- a/.github/workflows/graalvm.yml
+++ b/.github/workflows/graalvm.yml
@@ -32,6 +32,9 @@ concurrency:
   group: graalvm-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   global-environment:
     name: Import Global Environment
diff --git a/.github/workflows/nightly-build.yml 
b/.github/workflows/nightly-build.yml
index 8290a9bd58e..7fad3426305 100644
--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -31,6 +31,9 @@ concurrency:
   group: nightly-build-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3 -DskipITs -DskipTests 
-Dspotless.apply.skip=true
   HUB: ghcr.io/apache/shardingsphere
diff --git a/.github/workflows/nightly-check.yml 
b/.github/workflows/nightly-check.yml
index d0cafee012b..8051233115d 100644
--- a/.github/workflows/nightly-check.yml
+++ b/.github/workflows/nightly-check.yml
@@ -26,6 +26,9 @@ concurrency:
   group: nightly-check-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3
 
diff --git a/.github/workflows/nightly-ci.yml b/.github/workflows/nightly-ci.yml
index 8d4a6292b18..5f9183e60fb 100644
--- a/.github/workflows/nightly-ci.yml
+++ b/.github/workflows/nightly-ci.yml
@@ -26,6 +26,9 @@ concurrency:
   group: nightly-ci-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3
 
diff --git a/.github/workflows/nightly-e2e-agent.yml 
b/.github/workflows/nightly-e2e-agent.yml
index e90d70ff711..56f75833014 100644
--- a/.github/workflows/nightly-e2e-agent.yml
+++ b/.github/workflows/nightly-e2e-agent.yml
@@ -26,6 +26,9 @@ concurrency:
   group: e2e-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3 -Dspotless.apply.skip=true
 
diff --git a/.github/workflows/nightly-e2e-operation.yml 
b/.github/workflows/nightly-e2e-operation.yml
index e63505828c3..17172fd2418 100644
--- a/.github/workflows/nightly-e2e-operation.yml
+++ b/.github/workflows/nightly-e2e-operation.yml
@@ -31,6 +31,9 @@ concurrency:
   group: nightly-e2e-operation-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3 -Dspotless.apply.skip=true 
-Dfailsafe.skipAfterFailureCount=1 -Dio.netty.leakDetectionLevel=advanced
 
diff --git a/.github/workflows/nightly-e2e-sql.yml 
b/.github/workflows/nightly-e2e-sql.yml
index 00f09db1fdb..60781830ab1 100644
--- a/.github/workflows/nightly-e2e-sql.yml
+++ b/.github/workflows/nightly-e2e-sql.yml
@@ -26,6 +26,9 @@ concurrency:
   group: e2e-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3 -Dspotless.apply.skip=true
   SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1
diff --git a/.github/workflows/nightly-sql-parser.yml 
b/.github/workflows/nightly-sql-parser.yml
index a600067ae25..08494ea95a5 100644
--- a/.github/workflows/nightly-sql-parser.yml
+++ b/.github/workflows/nightly-sql-parser.yml
@@ -26,6 +26,9 @@ concurrency:
   group: nightly-sql-parser-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3 -Dspotless.apply.skip=true
   RUNS_ON: ubuntu-latest
diff --git a/.github/workflows/required-check.yml 
b/.github/workflows/required-check.yml
index 59d68f68abb..6688ff57c26 100644
--- a/.github/workflows/required-check.yml
+++ b/.github/workflows/required-check.yml
@@ -26,6 +26,9 @@ concurrency:
   group: check-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   global-environment:
     name: Import Global Environment
diff --git a/.github/workflows/required-reusable.yml 
b/.github/workflows/required-reusable.yml
index 9b6266b25b0..6f914a8f168 100644
--- a/.github/workflows/required-reusable.yml
+++ b/.github/workflows/required-reusable.yml
@@ -27,6 +27,9 @@ on:
       GLOBAL_IS_NIGHTLY_JOB_EXECUTABLE:
         value: ${{ 
jobs.init-environment.outputs.GLOBAL_IS_NIGHTLY_JOB_EXECUTABLE }}
 
+permissions:
+  contents: read
+
 jobs:
   init-environment:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/schedule-report.yml 
b/.github/workflows/schedule-report.yml
index 69cf09d9a3a..c419481ce41 100644
--- a/.github/workflows/schedule-report.yml
+++ b/.github/workflows/schedule-report.yml
@@ -26,6 +26,9 @@ concurrency:
   group: schedule-report-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false 
-Dmaven.wagon.http.retryHandler.class=standard 
-Dmaven.wagon.http.retryHandler.count=3

Reply via email to