This is an automated email from the ASF dual-hosted git repository.
dockerzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git
The following commit(s) were added to refs/heads/master by this push:
new c6a949e2e7 [INLONG-12083][CI] Upgrade github actions version and
specify permission of actions (#12084)
c6a949e2e7 is described below
commit c6a949e2e78bb2cb8084d8eb5c91531fa8d2c4d4
Author: vernedeng <[email protected]>
AuthorDate: Wed Feb 25 19:37:54 2026 +0800
[INLONG-12083][CI] Upgrade github actions version and specify permission of
actions (#12084)
---
.github/labeler.yml | 71 ++++++++++++++++++++-------------
.github/workflows/ci_build.yml | 3 ++
.github/workflows/ci_chart_test.yml | 7 +++-
.github/workflows/ci_check_format.yml | 3 ++
.github/workflows/ci_check_license.yml | 5 ++-
.github/workflows/ci_check_pr_title.yml | 3 ++
.github/workflows/ci_docker.yml | 9 +++--
.github/workflows/ci_greeting.yml | 24 +++++------
.github/workflows/ci_labeler.yml | 18 ++++++---
.github/workflows/ci_stale.yml | 2 +-
.github/workflows/ci_ut.yml | 3 ++
.github/workflows/ci_ut_flink13.yml | 3 ++
.github/workflows/ci_ut_flink15.yml | 3 ++
.github/workflows/ci_ut_flink18.yml | 3 ++
14 files changed, 103 insertions(+), 54 deletions(-)
diff --git a/.github/labeler.yml b/.github/labeler.yml
index e9525d0e2d..411c79d577 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -16,51 +16,66 @@
#
component/agent:
- - 'inlong-agent/**/*'
+ - changed-files:
+ - any-glob-to-any-file: 'inlong-agent/**/*'
component/dataproxy:
- - 'inlong-dataproxy/**/*'
+ - changed-files:
+ - any-glob-to-any-file: 'inlong-dataproxy/**/*'
component/manager:
- - 'inlong-manager/**/*'
+ - changed-files:
+ - any-glob-to-any-file: 'inlong-manager/**/*'
component/sort:
- - 'inlong-sort/**/*'
- - 'inlong-sort-standalone/**/*'
+ - changed-files:
+ - any-glob-to-any-file:
+ - 'inlong-sort/**/*'
+ - 'inlong-sort-standalone/**/*'
component/tubemq:
- - 'inlong-tubemq/**/*'
+ - changed-files:
+ - any-glob-to-any-file: 'inlong-tubemq/**/*'
component/dashboard:
- - 'inlong-dashboard/**/*'
+ - changed-files:
+ - any-glob-to-any-file: 'inlong-dashboard/**/*'
component/audit:
- - 'inlong-audit/**/*'
+ - changed-files:
+ - any-glob-to-any-file: 'inlong-audit/**/*'
component/sdk:
- - 'inlong-sdk/**/*'
+ - changed-files:
+ - any-glob-to-any-file: 'inlong-sdk/**/*'
service/ci:
- - '.github/actions/**/*'
- - '.github/workflows/**/*'
- - '.github/labeler.yml'
- - '.github/PULL_REQUEST_TEMPLATE.md'
- - '.github/ISSUE_TEMPLATE/**/*'
+ - changed-files:
+ - any-glob-to-any-file:
+ - '.github/actions/**/*'
+ - '.github/workflows/**/*'
+ - '.github/labeler.yml'
+ - '.github/PULL_REQUEST_TEMPLATE.md'
+ - '.github/ISSUE_TEMPLATE/**/*'
service/docker:
- - '**/Dockerfile'
- - '**/*-docker.sh'
- - 'inlong-agent/agent-docker/**/*'
- - 'inlong-audit/audit-docker/**/*'
- - 'inlong-dataproxy/dataproxy-docker/**/*'
- - 'inlong-manager/manager-docker/**/*'
- - 'inlong-tubemq/tubemq-docker/**/*'
- - 'docker/docker-compose/**/*'
- - 'docker/build-docker-images.sh'
- - 'docker/publish-by-arch.sh'
+ - changed-files:
+ - any-glob-to-any-file:
+ - '**/Dockerfile'
+ - '**/*-docker.sh'
+ - 'inlong-agent/agent-docker/**/*'
+ - 'inlong-audit/audit-docker/**/*'
+ - 'inlong-dataproxy/dataproxy-docker/**/*'
+ - 'inlong-manager/manager-docker/**/*'
+ - 'inlong-tubemq/tubemq-docker/**/*'
+ - 'docker/docker-compose/**/*'
+ - 'docker/build-docker-images.sh'
+ - 'docker/publish-by-arch.sh'
service/k8s:
- - '.github/ct.yml'
- - '.github/kind.yml'
- - 'docker/kubernetes/**/*'
- - 'inlong-tubemq/tubemq-docker/tubemq-k8s/**/*'
\ No newline at end of file
+ - changed-files:
+ - any-glob-to-any-file:
+ - '.github/ct.yml'
+ - '.github/kind.yml'
+ - 'docker/kubernetes/**/*'
+ - 'inlong-tubemq/tubemq-docker/tubemq-k8s/**/*'
\ No newline at end of file
diff --git a/.github/workflows/ci_build.yml b/.github/workflows/ci_build.yml
index ae6d3aefc4..3355389cf4 100644
--- a/.github/workflows/ci_build.yml
+++ b/.github/workflows/ci_build.yml
@@ -52,6 +52,9 @@ on:
- 'inlong-tubemq/**'
- '!**.md'
+permissions:
+ contents: read
+
jobs:
build:
name: Build
diff --git a/.github/workflows/ci_chart_test.yml
b/.github/workflows/ci_chart_test.yml
index a8ae336620..4e4a8b7881 100644
--- a/.github/workflows/ci_chart_test.yml
+++ b/.github/workflows/ci_chart_test.yml
@@ -40,6 +40,9 @@ env:
CT_CONFIG_PATH: '.github/ct.yml'
KIND_CONFIG_PATH: '.github/kind.yml'
+permissions:
+ contents: read
+
jobs:
chart-test:
name: Lint and test charts
@@ -57,12 +60,12 @@ jobs:
submodules: true
- name: Set up Helm
- uses: azure/setup-helm@v1
+ uses: azure/setup-helm@v4
with:
version: v3.5.0
- name: Set up Python
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v5
with:
python-version: 3.7
diff --git a/.github/workflows/ci_check_format.yml
b/.github/workflows/ci_check_format.yml
index a0738d875e..d1766102eb 100644
--- a/.github/workflows/ci_check_format.yml
+++ b/.github/workflows/ci_check_format.yml
@@ -19,6 +19,9 @@ name: InLong Code Format Check
on: [ push, pull_request ]
+permissions:
+ contents: read
+
jobs:
build:
name: Code Format Check
diff --git a/.github/workflows/ci_check_license.yml
b/.github/workflows/ci_check_license.yml
index 56b534a20a..d97687bbbd 100644
--- a/.github/workflows/ci_check_license.yml
+++ b/.github/workflows/ci_check_license.yml
@@ -19,6 +19,9 @@ name: InLong Check License Header
on: [ push, pull_request ]
+permissions:
+ contents: read
+
jobs:
check-license:
name: Check license header
@@ -28,7 +31,7 @@ jobs:
uses: actions/checkout@v4
- name: Check license header
- uses: apache/[email protected]
+ uses: apache/[email protected]
with:
log: info
config: .licenserc.yaml
diff --git a/.github/workflows/ci_check_pr_title.yml
b/.github/workflows/ci_check_pr_title.yml
index eac1719165..77e340f2fd 100644
--- a/.github/workflows/ci_check_pr_title.yml
+++ b/.github/workflows/ci_check_pr_title.yml
@@ -25,6 +25,9 @@ on:
- edited
- synchronize
+permissions:
+ contents: read
+
jobs:
check:
name: Check pull request title
diff --git a/.github/workflows/ci_docker.yml b/.github/workflows/ci_docker.yml
index 3ed84f2e36..eb184df32f 100644
--- a/.github/workflows/ci_docker.yml
+++ b/.github/workflows/ci_docker.yml
@@ -46,6 +46,9 @@ on:
- 'inlong-tubemq/tubemq-docker/**'
- '!**.md'
+permissions:
+ contents: read
+
jobs:
docker:
name: Docker build and push
@@ -90,16 +93,16 @@ jobs:
distribution: adopt
- name: Set up Python
- uses: actions/setup-python@v3
+ uses: actions/setup-python@v5
with:
python-version: 3.7
- name: Set up QEMU dependency
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
- name: Cache Maven packages
uses: actions/cache@v4
diff --git a/.github/workflows/ci_greeting.yml
b/.github/workflows/ci_greeting.yml
index 554273e652..e2219d3f56 100644
--- a/.github/workflows/ci_greeting.yml
+++ b/.github/workflows/ci_greeting.yml
@@ -18,31 +18,29 @@
name: InLong Greeting
on:
- pull_request:
+ pull_request_target:
types:
- opened
issues:
types:
- opened
+permissions:
+ issues: write
+ pull-requests: write
+
jobs:
greeting:
- name: Greeting
+ name: Greet First-Time Contributors
runs-on: ubuntu-22.04
- permissions:
- issues: write
- pull-requests: write
steps:
- - name: Interact with newcomers
- uses: actions/first-interaction@v1
- continue-on-error: true
+ - uses: actions/first-interaction@v3
with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- pr-message: |
- Hello @${{ github.actor }}, thank you for submitting a PR to
InLong ๐ We will respond as soon as possible โณ
- This seems to be your first PR ๐ Please be sure to follow our
[Contribution
Guidelines](https://inlong.apache.org/community/how-to-contribute).
- If you have any questions in the meantime, you can also ask us on
the [InLong Discussions](https://github.com/apache/inlong/discussions) ๐
issue-message: |
Hello @${{ github.actor }}, thank you for opening your first issue
in InLong ๐งก We will respond as soon as possible โณ
If this is a bug report, please provide screenshots or error logs
for us to reproduce your issue, so we can do our best to fix it.
If you have any questions in the meantime, you can also ask us on
the [InLong Discussions](https://github.com/apache/inlong/discussions) ๐
+ pr-message: |
+ Hello @${{ github.actor }}, thank you for submitting a PR to
InLong ๐ We will respond as soon as possible โณ
+ This seems to be your first PR ๐ Please be sure to follow our
[Contribution
Guidelines](https://inlong.apache.org/community/how-to-contribute).
+ If you have any questions in the meantime, you can also ask us on
the [InLong Discussions](https://github.com/apache/inlong/discussions) ๐
diff --git a/.github/workflows/ci_labeler.yml b/.github/workflows/ci_labeler.yml
index 76075d8bb1..53ccee294b 100644
--- a/.github/workflows/ci_labeler.yml
+++ b/.github/workflows/ci_labeler.yml
@@ -17,19 +17,25 @@
name: InLong Pull Request Labeler
-on: pull_request
+on:
+ pull_request_target:
+ types:
+ - opened
+ - synchronize
+ - reopened
+
+permissions:
+ contents: read
+ pull-requests: write
jobs:
label:
name: Label
runs-on: ubuntu-22.04
- permissions:
- contents: read
- pull-requests: write
steps:
- name: Label the PR
- uses: actions/labeler@v4
+ uses: actions/labeler@v5
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
configuration-path: .github/labeler.yml
- sync-labels: true
+ sync-labels: true
\ No newline at end of file
diff --git a/.github/workflows/ci_stale.yml b/.github/workflows/ci_stale.yml
index 916e04c27d..291dc5d3d6 100644
--- a/.github/workflows/ci_stale.yml
+++ b/.github/workflows/ci_stale.yml
@@ -30,7 +30,7 @@ jobs:
pull-requests: write
steps:
- name: Mark issues and PRs
- uses: actions/stale@v5
+ uses: actions/stale@v9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This issue is stale because it has been open
for 60 days with no activity.'
diff --git a/.github/workflows/ci_ut.yml b/.github/workflows/ci_ut.yml
index fcc4cdb665..0ddf04663d 100644
--- a/.github/workflows/ci_ut.yml
+++ b/.github/workflows/ci_ut.yml
@@ -52,6 +52,9 @@ on:
- 'inlong-tubemq/**'
- '!**.md'
+permissions:
+ contents: read
+
jobs:
unit-test:
name: Unit Test
diff --git a/.github/workflows/ci_ut_flink13.yml
b/.github/workflows/ci_ut_flink13.yml
index 9084e34a3a..d1976642e6 100644
--- a/.github/workflows/ci_ut_flink13.yml
+++ b/.github/workflows/ci_ut_flink13.yml
@@ -31,6 +31,9 @@ on:
- 'inlong-sort/**'
- '!**.md'
+permissions:
+ contents: read
+
jobs:
unit-test:
name: Unit Test
diff --git a/.github/workflows/ci_ut_flink15.yml
b/.github/workflows/ci_ut_flink15.yml
index 53b88957e0..eb7b32dab0 100644
--- a/.github/workflows/ci_ut_flink15.yml
+++ b/.github/workflows/ci_ut_flink15.yml
@@ -31,6 +31,9 @@ on:
- 'inlong-sort/**'
- '!**.md'
+permissions:
+ contents: read
+
jobs:
unit-test:
name: Unit Test
diff --git a/.github/workflows/ci_ut_flink18.yml
b/.github/workflows/ci_ut_flink18.yml
index d86ea53bfc..9d45c02adf 100644
--- a/.github/workflows/ci_ut_flink18.yml
+++ b/.github/workflows/ci_ut_flink18.yml
@@ -31,6 +31,9 @@ on:
- 'inlong-sort/**'
- '!**.md'
+permissions:
+ contents: read
+
jobs:
unit-test:
name: Unit Test
