Skip to content

Commit 4e47643

Browse files
committed
fix: remove unnecessary secret passing
1 parent e0b86be commit 4e47643

4 files changed

Lines changed: 11 additions & 54 deletions

File tree

.github/workflows/build.yaml

Lines changed: 9 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -54,12 +54,7 @@ jobs:
5454

5555
rocky8-clib-standalone-build-matrix:
5656
permissions:
57-
actions: read
5857
contents: read
59-
id-token: write
60-
packages: read
61-
pull-requests: read
62-
secrets: inherit # zizmor: ignore[secrets-inherit]
6358
uses: rapidsai/shared-workflows/.github/workflows/compute-matrix.yaml@main
6459
with:
6560
build_type: pull-request
@@ -92,12 +87,7 @@ jobs:
9287
rust-build-matrix:
9388
needs: cpp-build
9489
permissions:
95-
actions: read
9690
contents: read
97-
id-token: write
98-
packages: read
99-
pull-requests: read
100-
secrets: inherit # zizmor: ignore[secrets-inherit]
10191
uses: rapidsai/shared-workflows/.github/workflows/compute-matrix.yaml@main
10292
with:
10393
build_type: pull-request
@@ -130,12 +120,7 @@ jobs:
130120
go-build-matrix:
131121
needs: cpp-build
132122
permissions:
133-
actions: read
134123
contents: read
135-
id-token: write
136-
packages: read
137-
pull-requests: read
138-
secrets: inherit # zizmor: ignore[secrets-inherit]
139124
uses: rapidsai/shared-workflows/.github/workflows/compute-matrix.yaml@main
140125
with:
141126
build_type: pull-request
@@ -168,12 +153,7 @@ jobs:
168153
java-build-matrix:
169154
needs: cpp-build
170155
permissions:
171-
actions: read
172156
contents: read
173-
id-token: write
174-
packages: read
175-
pull-requests: read
176-
secrets: inherit # zizmor: ignore[secrets-inherit]
177157
uses: rapidsai/shared-workflows/.github/workflows/compute-matrix.yaml@main
178158
with:
179159
build_type: pull-request
@@ -230,8 +210,10 @@ jobs:
230210
id-token: write
231211
packages: read
232212
pull-requests: read
233-
secrets: inherit # zizmor: ignore[secrets-inherit]
234213
uses: rapidsai/shared-workflows/.github/workflows/conda-upload-packages.yaml@main
214+
secrets:
215+
CONDA_RAPIDSAI_NIGHTLY_TOKEN: ${{ secrets.CONDA_RAPIDSAI_NIGHTLY_TOKEN }}
216+
CONDA_RAPIDSAI_TOKEN: ${{ secrets.CONDA_RAPIDSAI_TOKEN }}
235217
with:
236218
build_type: ${{ inputs.build_type || 'branch' }}
237219
branch: ${{ inputs.branch }}
@@ -293,8 +275,10 @@ jobs:
293275
id-token: write
294276
packages: read
295277
pull-requests: read
296-
secrets: inherit # zizmor: ignore[secrets-inherit]
297278
uses: rapidsai/shared-workflows/.github/workflows/wheels-publish.yaml@main
279+
secrets:
280+
CONDA_RAPIDSAI_WHEELS_NIGHTLY_TOKEN: ${{ secrets.CONDA_RAPIDSAI_WHEELS_NIGHTLY_TOKEN }}
281+
RAPIDSAI_PYPI_TOKEN: ${{ secrets.RAPIDSAI_PYPI_TOKEN }}
298282
with:
299283
build_type: ${{ inputs.build_type || 'branch' }}
300284
branch: ${{ inputs.branch }}
@@ -331,8 +315,10 @@ jobs:
331315
id-token: write
332316
packages: read
333317
pull-requests: read
334-
secrets: inherit # zizmor: ignore[secrets-inherit]
335318
uses: rapidsai/shared-workflows/.github/workflows/wheels-publish.yaml@main
319+
secrets:
320+
CONDA_RAPIDSAI_WHEELS_NIGHTLY_TOKEN: ${{ secrets.CONDA_RAPIDSAI_WHEELS_NIGHTLY_TOKEN }}
321+
RAPIDSAI_PYPI_TOKEN: ${{ secrets.RAPIDSAI_PYPI_TOKEN }}
336322
with:
337323
build_type: ${{ inputs.build_type || 'branch' }}
338324
branch: ${{ inputs.branch }}

.github/workflows/pr.yaml

Lines changed: 0 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,6 @@ jobs:
4141
id-token: write
4242
packages: read
4343
pull-requests: read
44-
secrets: inherit # zizmor: ignore[secrets-inherit]
4544
uses: rapidsai/shared-workflows/.github/workflows/pr-builder.yaml@main
4645
if: always()
4746
with:
@@ -84,7 +83,6 @@ jobs:
8483
id-token: write
8584
packages: read
8685
pull-requests: read
87-
secrets: inherit # zizmor: ignore[secrets-inherit]
8886
uses: rapidsai/shared-workflows/.github/workflows/changed-files.yaml@main
8987
with:
9088
files_yaml: |
@@ -353,7 +351,6 @@ jobs:
353351
id-token: write
354352
packages: read
355353
pull-requests: read
356-
secrets: inherit # zizmor: ignore[secrets-inherit]
357354
uses: rapidsai/shared-workflows/.github/workflows/checks.yaml@main
358355
with:
359356
enable_check_generated_files: false
@@ -402,7 +399,6 @@ jobs:
402399
id-token: write
403400
packages: read
404401
pull-requests: read
405-
secrets: inherit # zizmor: ignore[secrets-inherit]
406402
uses: rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml@main
407403
with:
408404
build_type: pull-request
@@ -439,12 +435,7 @@ jobs:
439435
rocky8-clib-standalone-build-matrix:
440436
needs: checks
441437
permissions:
442-
actions: read
443438
contents: read
444-
id-token: write
445-
packages: read
446-
pull-requests: read
447-
secrets: inherit # zizmor: ignore[secrets-inherit]
448439
uses: rapidsai/shared-workflows/.github/workflows/compute-matrix.yaml@main
449440
with:
450441
build_type: pull-request
@@ -476,12 +467,7 @@ jobs:
476467
rocky8-clib-tests-matrix:
477468
needs: [rocky8-clib-standalone-build, changed-files]
478469
permissions:
479-
actions: read
480470
contents: read
481-
id-token: write
482-
packages: read
483-
pull-requests: read
484-
secrets: inherit # zizmor: ignore[secrets-inherit]
485471
uses: rapidsai/shared-workflows/.github/workflows/compute-matrix.yaml@main
486472
if: fromJSON(needs.changed-files.outputs.changed_file_groups).test_cpp
487473
with:
@@ -511,12 +497,7 @@ jobs:
511497
conda-java-build-and-tests-matrix:
512498
needs: [conda-cpp-build, changed-files]
513499
permissions:
514-
actions: read
515500
contents: read
516-
id-token: write
517-
packages: read
518-
pull-requests: read
519-
secrets: inherit # zizmor: ignore[secrets-inherit]
520501
uses: rapidsai/shared-workflows/.github/workflows/compute-matrix.yaml@main
521502
if: fromJSON(needs.changed-files.outputs.changed_file_groups).test_java || fromJSON(needs.changed-files.outputs.changed_file_groups).test_cpp
522503
with:
@@ -549,12 +530,7 @@ jobs:
549530
rust-build-matrix:
550531
needs: [conda-cpp-build, changed-files]
551532
permissions:
552-
actions: read
553533
contents: read
554-
id-token: write
555-
packages: read
556-
pull-requests: read
557-
secrets: inherit # zizmor: ignore[secrets-inherit]
558534
uses: rapidsai/shared-workflows/.github/workflows/compute-matrix.yaml@main
559535
if: fromJSON(needs.changed-files.outputs.changed_file_groups).test_rust || fromJSON(needs.changed-files.outputs.changed_file_groups).test_cpp
560536
with:
@@ -585,12 +561,7 @@ jobs:
585561
go-build-matrix:
586562
needs: [conda-cpp-build, changed-files]
587563
permissions:
588-
actions: read
589564
contents: read
590-
id-token: write
591-
packages: read
592-
pull-requests: read
593-
secrets: inherit # zizmor: ignore[secrets-inherit]
594565
uses: rapidsai/shared-workflows/.github/workflows/compute-matrix.yaml@main
595566
if: fromJSON(needs.changed-files.outputs.changed_file_groups).test_go || fromJSON(needs.changed-files.outputs.changed_file_groups).test_cpp
596567
with:

.github/workflows/test.yaml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,6 @@ jobs:
3232
id-token: write
3333
packages: read
3434
pull-requests: read
35-
secrets: inherit # zizmor: ignore[secrets-inherit]
3635
uses: rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml@main
3736
with:
3837
build_type: ${{ inputs.build_type }}

.github/workflows/trigger-breaking-change-alert.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,9 @@ jobs:
2020
id-token: write
2121
packages: read
2222
pull-requests: read
23-
secrets: inherit # zizmor: ignore[secrets-inherit]
2423
uses: rapidsai/shared-workflows/.github/workflows/breaking-change-alert.yaml@main
24+
secrets:
25+
NV_SLACK_BREAKING_CHANGE_ALERT: ${{ secrets.NV_SLACK_BREAKING_CHANGE_ALERT }}
2526
with:
2627
sender_login: ${{ github.event.sender.login }}
2728
sender_avatar: ${{ github.event.sender.avatar_url }}

0 commit comments

Comments
 (0)