github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2025-07-07 05:30:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: set explicit workflow permissions (#31830)

Browse Source 
* Set explicit workflow permissions
* Should be a no-op since we're using restricted GITHUB_TOKENs by
default
This commit is contained in:
Eugene Yurtsev 2025-07-03 10:02:18 -04:00 committed by GitHub
parent 46745f91b5
commit 6dca787a9d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
14 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/_compile_integration_test.yml vendored
View File

@ -12,6 +12,9 @@ on:
type: string type: string
description: "Python version to use" description: "Python version to use"
permissions:
contents: read
env: env:
UV_FROZEN: "true" UV_FROZEN: "true"

3
.github/workflows/_integration_test.yml vendored
View File

@ -12,6 +12,9 @@ on:
type: string type: string
description: "Python version to use" description: "Python version to use"
permissions:
contents: read
env: env:
UV_FROZEN: "true" UV_FROZEN: "true"

3
.github/workflows/_lint.yml vendored
View File

@ -12,6 +12,9 @@ on:
type: string type: string
description: "Python version to use" description: "Python version to use"
permissions:
contents: read
env: env:
WORKDIR: ${{ inputs.working-directory == '' && '.' || inputs.working-directory }} WORKDIR: ${{ inputs.working-directory == '' && '.' || inputs.working-directory }}

3
.github/workflows/_test.yml vendored
View File

@ -12,6 +12,9 @@ on:
type: string type: string
description: "Python version to use" description: "Python version to use"
permissions:
contents: read
env: env:
UV_FROZEN: "true" UV_FROZEN: "true"
UV_NO_SYNC: "true" UV_NO_SYNC: "true"

3
.github/workflows/_test_doc_imports.yml vendored
View File

@ -8,6 +8,9 @@ on:
type: string type: string
description: "Python version to use" description: "Python version to use"
permissions:
contents: read
env: env:
UV_FROZEN: "true" UV_FROZEN: "true"

3
.github/workflows/_test_pydantic.yml vendored
View File

@ -17,6 +17,9 @@ on:
type: string type: string
description: "Pydantic version to test." description: "Pydantic version to test."
permissions:
contents: read
env: env:
UV_FROZEN: "true" UV_FROZEN: "true"
UV_NO_SYNC: "true" UV_NO_SYNC: "true"

3
.github/workflows/check-broken-links.yml vendored
View File

@ -5,6 +5,9 @@ on:
schedule: schedule:
- cron: '0 13 * * *' - cron: '0 13 * * *'
permissions:
contents: read
jobs: jobs:
check-links: check-links:
if: github.repository_owner == 'langchain-ai' || github.event_name != 'schedule' if: github.repository_owner == 'langchain-ai' || github.event_name != 'schedule'

3
.github/workflows/check_core_versions.yml vendored
View File

@ -6,6 +6,9 @@ on:
- 'libs/core/pyproject.toml' - 'libs/core/pyproject.toml'
- 'libs/core/langchain_core/version.py' - 'libs/core/langchain_core/version.py'
permissions:
contents: read
jobs: jobs:
check_version_equality: check_version_equality:
runs-on: ubuntu-latest runs-on: ubuntu-latest

3
.github/workflows/check_diffs.yml vendored
View File

@ -16,6 +16,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
env: env:
UV_FROZEN: "true" UV_FROZEN: "true"
UV_NO_SYNC: "true" UV_NO_SYNC: "true"

3
.github/workflows/check_new_docs.yml vendored
View File

@ -15,6 +15,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
permissions:
contents: read
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest

3
.github/workflows/codspeed.yml vendored
View File

@ -7,6 +7,9 @@ on:
pull_request: pull_request:
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
env: env:
AZURE_OPENAI_CHAT_DEPLOYMENT_NAME: foo AZURE_OPENAI_CHAT_DEPLOYMENT_NAME: foo
AZURE_OPENAI_LEGACY_CHAT_DEPLOYMENT_NAME: foo AZURE_OPENAI_LEGACY_CHAT_DEPLOYMENT_NAME: foo

3
.github/workflows/people.yml vendored
View File

@ -11,7 +11,8 @@ jobs:
langchain-people: langchain-people:
if: github.repository_owner == 'langchain-ai' || github.event_name != 'schedule' if: github.repository_owner == 'langchain-ai' || github.event_name != 'schedule'
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: write-all permissions:
contents: write
steps: steps:
- name: Dump GitHub context - name: Dump GitHub context
env: env:

3
.github/workflows/run_notebooks.yml vendored
View File

@ -14,6 +14,9 @@ on:
schedule: schedule:
- cron: '0 13 * * *' - cron: '0 13 * * *'
permissions:
contents: read
env: env:
UV_FROZEN: "true" UV_FROZEN: "true"

3
.github/workflows/scheduled_test.yml vendored
View File

@ -12,6 +12,9 @@ on:
schedule: schedule:
- cron: '0 13 * * *' - cron: '0 13 * * *'
permissions:
contents: read
env: env:
POETRY_VERSION: "1.8.4" POETRY_VERSION: "1.8.4"
UV_FROZEN: "true" UV_FROZEN: "true"