gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-10-30 21:02:27 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Add token permissions for CIs to fix issues reported by scorecard (#3867)

Browse Source
This commit is contained in:
TianlongLiang 2024-10-22 09:13:55 +08:00 committed by GitHub
parent 3ad95303d6
commit b34b2c8e26
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
20 changed files with 164 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/build_docker_images.yml vendored
View File

@ -15,9 +15,14 @@ on:
type: string type: string
required: true required: true
permissions:
contents: read
jobs: jobs:
build-and-push-images: build-and-push-images:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions:
contents: write # for uploading release artifacts
steps: steps:
- name: Checkout repository - name: Checkout repository

6
.github/workflows/build_iwasm_release.yml vendored
View File

@ -87,6 +87,9 @@ env:
-DWAMR_BUILD_EXCE_HANDLING=1 \ -DWAMR_BUILD_EXCE_HANDLING=1 \
-DWAMR_BUILD_GC=1" -DWAMR_BUILD_GC=1"
permissions:
contents: read
jobs: jobs:
build: build:
runs-on: ${{ inputs.runner }} runs-on: ${{ inputs.runner }}
@ -97,6 +100,9 @@ jobs:
suffix: '' suffix: ''
- build_options: $GC_EH_BUILD_OPTIONS - build_options: $GC_EH_BUILD_OPTIONS
suffix: '-gc-eh' suffix: '-gc-eh'
permissions:
contents: write # for uploading release artifacts
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

6
.github/workflows/build_llvm_libraries.yml vendored
View File

@ -27,6 +27,9 @@ on:
description: "A cached key of LLVM libraries" description: "A cached key of LLVM libraries"
value: ${{ jobs.build_llvm_libraries.outputs.key}} value: ${{ jobs.build_llvm_libraries.outputs.key}}
permissions:
contents: read
jobs: jobs:
build_llvm_libraries: build_llvm_libraries:
runs-on: ${{ inputs.os }} runs-on: ${{ inputs.os }}
@ -36,6 +39,9 @@ jobs:
image: ${{ inputs.container_image }} image: ${{ inputs.container_image }}
outputs: outputs:
key: ${{ steps.create_lib_cache_key.outputs.key}} key: ${{ steps.create_lib_cache_key.outputs.key}}
permissions:
contents: read
actions: write # for uploading cached artifact
steps: steps:
- name: checkout - name: checkout

8
.github/workflows/build_wamr_lldb.yml vendored
View File

@ -28,8 +28,13 @@ on:
required: false required: false
default: "https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-20/wasi-sdk-20.0-linux.tar.gz" default: "https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-20/wasi-sdk-20.0-linux.tar.gz"
permissions:
contents: read
jobs: jobs:
try_reuse: try_reuse:
permissions:
contents: write # for uploading release artifacts
uses: ./.github/workflows/reuse_latest_release_binaries.yml uses: ./.github/workflows/reuse_latest_release_binaries.yml
with: with:
binary_name_stem: "wamr-lldb-${{ inputs.ver_num }}-${{ inputs.arch }}-${{ inputs.runner }}" binary_name_stem: "wamr-lldb-${{ inputs.ver_num }}-${{ inputs.arch }}-${{ inputs.runner }}"
@ -46,6 +51,9 @@ jobs:
PYTHON_VERSION: '3.10' PYTHON_VERSION: '3.10'
PYTHON_UBUNTU_STANDALONE_BUILD: https://github.com/indygreg/python-build-standalone/releases/download/20230507/cpython-3.10.11+20230507-x86_64-unknown-linux-gnu-install_only.tar.gz PYTHON_UBUNTU_STANDALONE_BUILD: https://github.com/indygreg/python-build-standalone/releases/download/20230507/cpython-3.10.11+20230507-x86_64-unknown-linux-gnu-install_only.tar.gz
PYTHON_MACOS_STANDALONE_BUILD: https://github.com/indygreg/python-build-standalone/releases/download/20230507/cpython-3.10.11+20230507-x86_64-apple-darwin-install_only.tar.gz PYTHON_MACOS_STANDALONE_BUILD: https://github.com/indygreg/python-build-standalone/releases/download/20230507/cpython-3.10.11+20230507-x86_64-apple-darwin-install_only.tar.gz
permissions:
contents: write # for uploading release artifacts
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

6
.github/workflows/build_wamr_sdk.yml vendored
View File

@ -35,9 +35,15 @@ on:
type: string type: string
required: true required: true
permissions:
contents: read
jobs: jobs:
build: build:
runs-on: ${{ inputs.runner }} runs-on: ${{ inputs.runner }}
permissions:
contents: write # for uploading release artifacts
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

6
.github/workflows/build_wamr_vscode_ext.yml vendored
View File

@ -14,9 +14,15 @@ on:
type: string type: string
required: true required: true
permissions:
contents: read
jobs: jobs:
build: build:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions:
contents: write # for uploading release artifacts
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

6
.github/workflows/build_wamrc.yml vendored
View File

@ -31,9 +31,15 @@ on:
type: string type: string
required: false required: false
permissions:
contents: read
jobs: jobs:
build: build:
runs-on: ${{ inputs.runner }} runs-on: ${{ inputs.runner }}
permissions:
contents: write # for uploading release artifacts
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

12
.github/workflows/codeql.yml vendored
View File

@ -19,6 +19,9 @@ on:
# allow to be triggered manually # allow to be triggered manually
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
analyze: analyze:
if: github.repository == 'bytecodealliance/wasm-micro-runtime' if: github.repository == 'bytecodealliance/wasm-micro-runtime'
@ -30,10 +33,6 @@ jobs:
# Consider using larger runners for possible analysis time improvements. # Consider using larger runners for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-13') || 'ubuntu-22.04' }} runs-on: ${{ (matrix.language == 'swift' && 'macos-13') || 'ubuntu-22.04' }}
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
actions: read
contents: read
security-events: write
strategy: strategy:
fail-fast: false fail-fast: false
@ -41,6 +40,11 @@ jobs:
language: [ 'cpp' ] language: [ 'cpp' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
permissions:
contents: read
actions: read
security-events: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v3 uses: actions/checkout@v3

3
.github/workflows/coding_guidelines.yml vendored
View File

@ -14,6 +14,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
compliance_job: compliance_job:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04

6
.github/workflows/compilation_on_android_ubuntu.yml vendored
View File

@ -70,8 +70,14 @@ env:
MEMORY64_TEST_OPTIONS: "-s spec -W -b -P" MEMORY64_TEST_OPTIONS: "-s spec -W -b -P"
MULTI_MEMORY_TEST_OPTIONS: "-s spec -E -b -P" MULTI_MEMORY_TEST_OPTIONS: "-s spec -E -b -P"
permissions:
contents: read
jobs: jobs:
build_llvm_libraries_on_ubuntu_2204: build_llvm_libraries_on_ubuntu_2204:
permissions:
contents: read
actions: write
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
os: "ubuntu-22.04" os: "ubuntu-22.04"

9
.github/workflows/compilation_on_macos.yml vendored
View File

@ -52,13 +52,22 @@ env:
LLVM_LAZY_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=1" LLVM_LAZY_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=1"
LLVM_EAGER_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=0" LLVM_EAGER_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=0"
permissions:
contents: read
jobs: jobs:
build_llvm_libraries_on_intel_macos: build_llvm_libraries_on_intel_macos:
permissions:
contents: read
actions: write
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
os: "macos-13" os: "macos-13"
arch: "X86" arch: "X86"
build_llvm_libraries_on_arm_macos: build_llvm_libraries_on_arm_macos:
permissions:
contents: read
actions: write
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
os: "macos-14" os: "macos-14"

3
.github/workflows/compilation_on_nuttx.yml vendored
View File

@ -46,6 +46,9 @@ concurrency:
env: env:
WASI_SDK_PATH: "/opt/wasi-sdk" WASI_SDK_PATH: "/opt/wasi-sdk"
permissions:
contents: read
jobs: jobs:
build_iwasm_on_nuttx: build_iwasm_on_nuttx:
runs-on: ubuntu-latest runs-on: ubuntu-latest

6
.github/workflows/compilation_on_sgx.yml vendored
View File

@ -54,8 +54,14 @@ env:
LLVM_LAZY_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=1" LLVM_LAZY_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=1"
LLVM_EAGER_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=0" LLVM_EAGER_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=0"
permissions:
contents: read
jobs: jobs:
build_llvm_libraries: build_llvm_libraries:
permissions:
contents: read
actions: write
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
os: "ubuntu-20.04" os: "ubuntu-20.04"

3
.github/workflows/compilation_on_windows.yml vendored
View File

@ -53,6 +53,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
build: build:
runs-on: windows-latest runs-on: windows-latest

5
.github/workflows/create_tag.yml vendored
View File

@ -15,6 +15,9 @@ on:
description: "the new tag just created" description: "the new tag just created"
value: ${{ jobs.create_tag.outputs.new_tag}} value: ${{ jobs.create_tag.outputs.new_tag}}
permissions:
contents: read
jobs: jobs:
create_tag: create_tag:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -22,6 +25,8 @@ jobs:
minor_version: ${{ steps.preparation.outputs.minor_version }} minor_version: ${{ steps.preparation.outputs.minor_version }}
new_ver: ${{ steps.preparation.outputs.new_ver }} new_ver: ${{ steps.preparation.outputs.new_ver }}
new_tag: ${{ steps.preparation.outputs.new_tag }} new_tag: ${{ steps.preparation.outputs.new_tag }}
permissions:
contents: write # create and push tags
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

3
.github/workflows/hadolint_dockerfiles.yml vendored
View File

@ -28,6 +28,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
run-hadolint-on-dockerfiles: run-hadolint-on-dockerfiles:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04

9
.github/workflows/nightly_run.yml vendored
View File

@ -44,13 +44,22 @@ env:
X86_32_TARGET_TEST_OPTIONS: "-m x86_32 -P" X86_32_TARGET_TEST_OPTIONS: "-m x86_32 -P"
WASI_TEST_OPTIONS: "-s wasi_certification -w" WASI_TEST_OPTIONS: "-s wasi_certification -w"
permissions:
contents: read
jobs: jobs:
build_llvm_libraries_on_ubuntu_2004: build_llvm_libraries_on_ubuntu_2004:
permissions:
contents: read
actions: write
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
os: "ubuntu-20.04" os: "ubuntu-20.04"
arch: "X86" arch: "X86"
build_llvm_libraries_on_ubuntu_2204: build_llvm_libraries_on_ubuntu_2204:
permissions:
contents: read
actions: write
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
os: "ubuntu-22.04" os: "ubuntu-22.04"

51
.github/workflows/release_process.yml vendored
View File

@ -18,11 +18,18 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
create_tag: create_tag:
permissions:
contents: write # create and push tags
uses: ./.github/workflows/create_tag.yml uses: ./.github/workflows/create_tag.yml
create_release: create_release:
permissions:
contents: write # create release
needs: [create_tag] needs: [create_tag]
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
@ -52,6 +59,9 @@ jobs:
# #
# LLVM_LIBRARIES # LLVM_LIBRARIES
build_llvm_libraries_on_ubuntu_2004: build_llvm_libraries_on_ubuntu_2004:
permissions:
contents: read
actions: write
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
@ -59,6 +69,9 @@ jobs:
arch: "AArch64 ARM Mips RISCV X86" arch: "AArch64 ARM Mips RISCV X86"
build_llvm_libraries_on_ubuntu_2204: build_llvm_libraries_on_ubuntu_2204:
permissions:
contents: read
actions: write
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
@ -66,6 +79,9 @@ jobs:
arch: "AArch64 ARM Mips RISCV X86" arch: "AArch64 ARM Mips RISCV X86"
build_llvm_libraries_on_macos: build_llvm_libraries_on_macos:
permissions:
contents: read
actions: write
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
@ -73,6 +89,9 @@ jobs:
arch: "AArch64 ARM Mips RISCV X86" arch: "AArch64 ARM Mips RISCV X86"
build_llvm_libraries_on_windows: build_llvm_libraries_on_windows:
permissions:
contents: read
actions: write
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
@ -82,6 +101,8 @@ jobs:
# #
# WAMRC # WAMRC
release_wamrc_on_ubuntu_2004: release_wamrc_on_ubuntu_2004:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release, build_llvm_libraries_on_ubuntu_2004] needs: [create_tag, create_release, build_llvm_libraries_on_ubuntu_2004]
uses: ./.github/workflows/build_wamrc.yml uses: ./.github/workflows/build_wamrc.yml
with: with:
@ -92,6 +113,8 @@ jobs:
ver_num: ${{ needs.create_tag.outputs.new_ver}} ver_num: ${{ needs.create_tag.outputs.new_ver}}
release_wamrc_on_ubuntu_2204: release_wamrc_on_ubuntu_2204:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release, build_llvm_libraries_on_ubuntu_2204 ] needs: [create_tag, create_release, build_llvm_libraries_on_ubuntu_2204 ]
uses: ./.github/workflows/build_wamrc.yml uses: ./.github/workflows/build_wamrc.yml
with: with:
@ -102,6 +125,8 @@ jobs:
ver_num: ${{ needs.create_tag.outputs.new_ver }} ver_num: ${{ needs.create_tag.outputs.new_ver }}
release_wamrc_on_ubuntu_macos: release_wamrc_on_ubuntu_macos:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release, build_llvm_libraries_on_macos] needs: [create_tag, create_release, build_llvm_libraries_on_macos]
uses: ./.github/workflows/build_wamrc.yml uses: ./.github/workflows/build_wamrc.yml
with: with:
@ -112,6 +137,8 @@ jobs:
ver_num: ${{ needs.create_tag.outputs.new_ver }} ver_num: ${{ needs.create_tag.outputs.new_ver }}
release_wamrc_on_windows: release_wamrc_on_windows:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release, build_llvm_libraries_on_windows] needs: [create_tag, create_release, build_llvm_libraries_on_windows]
uses: ./.github/workflows/build_wamrc.yml uses: ./.github/workflows/build_wamrc.yml
with: with:
@ -124,6 +151,8 @@ jobs:
# #
# IWASM # IWASM
release_iwasm_on_ubuntu_2004: release_iwasm_on_ubuntu_2004:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release, build_llvm_libraries_on_ubuntu_2004] needs: [create_tag, create_release, build_llvm_libraries_on_ubuntu_2004]
uses: ./.github/workflows/build_iwasm_release.yml uses: ./.github/workflows/build_iwasm_release.yml
with: with:
@ -134,6 +163,8 @@ jobs:
ver_num: ${{ needs.create_tag.outputs.new_ver}} ver_num: ${{ needs.create_tag.outputs.new_ver}}
release_iwasm_on_ubuntu_2204: release_iwasm_on_ubuntu_2204:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release, build_llvm_libraries_on_ubuntu_2204] needs: [create_tag, create_release, build_llvm_libraries_on_ubuntu_2204]
uses: ./.github/workflows/build_iwasm_release.yml uses: ./.github/workflows/build_iwasm_release.yml
with: with:
@ -144,6 +175,8 @@ jobs:
ver_num: ${{ needs.create_tag.outputs.new_ver}} ver_num: ${{ needs.create_tag.outputs.new_ver}}
release_iwasm_on_macos: release_iwasm_on_macos:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release, build_llvm_libraries_on_macos] needs: [create_tag, create_release, build_llvm_libraries_on_macos]
uses: ./.github/workflows/build_iwasm_release.yml uses: ./.github/workflows/build_iwasm_release.yml
with: with:
@ -154,6 +187,8 @@ jobs:
ver_num: ${{ needs.create_tag.outputs.new_ver}} ver_num: ${{ needs.create_tag.outputs.new_ver}}
release_iwasm_on_windows: release_iwasm_on_windows:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release, build_llvm_libraries_on_windows] needs: [create_tag, create_release, build_llvm_libraries_on_windows]
uses: ./.github/workflows/build_iwasm_release.yml uses: ./.github/workflows/build_iwasm_release.yml
with: with:
@ -166,6 +201,8 @@ jobs:
# #
# WAMR_SDK # WAMR_SDK
release_wamr_sdk_on_ubuntu_2004: release_wamr_sdk_on_ubuntu_2004:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_wamr_sdk.yml uses: ./.github/workflows/build_wamr_sdk.yml
with: with:
@ -177,6 +214,8 @@ jobs:
wamr_app_framework_url: https://github.com/bytecodealliance/wamr-app-framework.git wamr_app_framework_url: https://github.com/bytecodealliance/wamr-app-framework.git
release_wamr_sdk_on_ubuntu_2204: release_wamr_sdk_on_ubuntu_2204:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_wamr_sdk.yml uses: ./.github/workflows/build_wamr_sdk.yml
with: with:
@ -188,6 +227,8 @@ jobs:
wamr_app_framework_url: https://github.com/bytecodealliance/wamr-app-framework.git wamr_app_framework_url: https://github.com/bytecodealliance/wamr-app-framework.git
release_wamr_sdk_on_macos: release_wamr_sdk_on_macos:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_wamr_sdk.yml uses: ./.github/workflows/build_wamr_sdk.yml
with: with:
@ -201,6 +242,8 @@ jobs:
# #
# vscode extension cross-platform # vscode extension cross-platform
release_wamr_ide_vscode_ext: release_wamr_ide_vscode_ext:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_wamr_vscode_ext.yml uses: ./.github/workflows/build_wamr_vscode_ext.yml
secrets: inherit secrets: inherit
@ -211,6 +254,8 @@ jobs:
# #
# vscode extension docker images package # vscode extension docker images package
release_wamr_ide_docker_images_package: release_wamr_ide_docker_images_package:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_docker_images.yml uses: ./.github/workflows/build_docker_images.yml
with: with:
@ -220,6 +265,8 @@ jobs:
# #
# WAMR_LLDB # WAMR_LLDB
release_wamr_lldb_on_ubuntu_2004: release_wamr_lldb_on_ubuntu_2004:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_wamr_lldb.yml uses: ./.github/workflows/build_wamr_lldb.yml
with: with:
@ -228,6 +275,8 @@ jobs:
ver_num: ${{ needs.create_tag.outputs.new_ver}} ver_num: ${{ needs.create_tag.outputs.new_ver}}
release_wamr_lldb_on_ubuntu_2204: release_wamr_lldb_on_ubuntu_2204:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_wamr_lldb.yml uses: ./.github/workflows/build_wamr_lldb.yml
with: with:
@ -236,6 +285,8 @@ jobs:
ver_num: ${{ needs.create_tag.outputs.new_ver}} ver_num: ${{ needs.create_tag.outputs.new_ver}}
release_wamr_lldb_on_macos_universal: release_wamr_lldb_on_macos_universal:
permissions:
contents: write # upload release artifact
needs: [create_tag, create_release] needs: [create_tag, create_release]
uses: ./.github/workflows/build_wamr_lldb.yml uses: ./.github/workflows/build_wamr_lldb.yml
with: with:

6
.github/workflows/reuse_latest_release_binaries.yml vendored
View File

@ -22,11 +22,17 @@ on:
result: result:
value: ${{ jobs.build.outputs.result }} value: ${{ jobs.build.outputs.result }}
permissions:
contents: read
jobs: jobs:
reuse: reuse:
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
result: ${{ steps.try_reuse.outputs.result }} result: ${{ steps.try_reuse.outputs.result }}
permissions:
contents: write # for creating realease and uploading release artifacts
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
# Full git history is needed to get a proper list of commits and tags # Full git history is needed to get a proper list of commits and tags

9
.github/workflows/spec_test_on_nuttx.yml vendored
View File

@ -29,8 +29,14 @@ env:
LLVM_CACHE_SUFFIX: "build-llvm_libraries_ex" LLVM_CACHE_SUFFIX: "build-llvm_libraries_ex"
WASI_SDK_PATH: "/opt/wasi-sdk" WASI_SDK_PATH: "/opt/wasi-sdk"
permissions:
contents: read
jobs: jobs:
build_llvm_libraries: build_llvm_libraries:
permissions:
contents: read
actions: write
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
os: "ubuntu-22.04" os: "ubuntu-22.04"
@ -38,6 +44,9 @@ jobs:
container_image: ghcr.io/no1wudi/nuttx/apache-nuttx-ci-linux@sha256:8c4e00b607d4d6d66ba8f51c4544819a616eac69d3a2ac669e2af2150e2eb0f9 container_image: ghcr.io/no1wudi/nuttx/apache-nuttx-ci-linux@sha256:8c4e00b607d4d6d66ba8f51c4544819a616eac69d3a2ac669e2af2150e2eb0f9
build_llvm_libraries_xtensa: build_llvm_libraries_xtensa:
permissions:
contents: read
actions: write
uses: ./.github/workflows/build_llvm_libraries.yml uses: ./.github/workflows/build_llvm_libraries.yml
with: with:
os: "ubuntu-22.04" os: "ubuntu-22.04"