From e7f6c2b5288d3cc20d6df3913f77bdc88b290a88 Mon Sep 17 00:00:00 2001 From: Sameer Sheorey Date: Mon, 3 Jun 2024 15:01:48 -0700 Subject: [PATCH] contents:write for artifact upload, github releases --- .github/workflows/documentation.yml | 4 ++++ .github/workflows/macos.yml | 16 ++++++++++++++++ .github/workflows/ubuntu-cuda.yml | 4 ++++ .github/workflows/ubuntu-wheel.yml | 4 ++++ .github/workflows/ubuntu.yml | 6 ++++++ .github/workflows/vtk_packages.yml | 6 ++++++ .github/workflows/webrtc.yml | 4 ++++ .github/workflows/windows.yml | 12 ++++++++++++ 8 files changed, 56 insertions(+) diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index 613be624f2a..bcbffa1ac77 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -79,6 +79,8 @@ jobs: ccache -s - name: Upload docs + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: open3d_docs @@ -86,6 +88,8 @@ jobs: if-no-files-found: error - name: Deploy docs if all artifacts available + permissions: + contents: write if: ${{ github.ref == 'refs/heads/main' }} env: GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index d75557cd443..55a1238b363 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -113,6 +113,8 @@ jobs: ccache -s - name: Upload package + permissions: + contents: write if: ${{ env.BUILD_SHARED_LIBS == 'ON' }} uses: actions/upload-artifact@v4 with: @@ -121,6 +123,8 @@ jobs: if-no-files-found: error - name: Update package devel release + permissions: + contents: write if: ${{ github.ref == 'refs/heads/main' && env.BUILD_SHARED_LIBS == 'ON' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -129,6 +133,8 @@ jobs: gh release view main-devel - name: Upload Open3D viewer app + permissions: + contents: write uses: actions/upload-artifact@v4 if: ${{ env.BUILD_SHARED_LIBS == 'OFF' }} with: @@ -163,6 +169,8 @@ jobs: zip -rv "${APP_NAME}" Open3D.app - name: Upload Open3D viewer app + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: open3d-app-macosx-10_15-universal2 @@ -170,6 +178,8 @@ jobs: if-no-files-found: error - name: Update viewer devel release + permissions: + contents: write if: ${{ github.ref == 'refs/heads/main' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -279,6 +289,8 @@ jobs: echo "PIP_PKG_NAME=$PIP_PKG_NAME" >> $GITHUB_ENV - name: Upload wheel + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: ${{ env.PIP_PKG_NAME }} @@ -336,6 +348,8 @@ jobs: echo "PIP_PKG_NAME=$NEW_WHL_NAME" >> $GITHUB_ENV - name: Upload merged wheels + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: ${{ env.PIP_PKG_NAME }} @@ -343,6 +357,8 @@ jobs: if-no-files-found: error - name: Update devel release + permissions: + contents: write if: ${{ github.ref == 'refs/heads/main' }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ubuntu-cuda.yml b/.github/workflows/ubuntu-cuda.yml index 43e170818e7..a79bb1e1ba8 100644 --- a/.github/workflows/ubuntu-cuda.yml +++ b/.github/workflows/ubuntu-cuda.yml @@ -150,6 +150,8 @@ jobs: fi - name: Upload package + permissions: + contents: write if: ${{ env.BUILD_PACKAGE == 'true' }} uses: actions/upload-artifact@v4 with: @@ -158,6 +160,8 @@ jobs: if-no-files-found: error - name: Update devel release + permissions: + contents: write if: ${{ github.ref == 'refs/heads/main' && env.BUILD_PACKAGE == 'true' }} env: GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/ubuntu-wheel.yml b/.github/workflows/ubuntu-wheel.yml index f7fa7a728c8..408988b407a 100644 --- a/.github/workflows/ubuntu-wheel.yml +++ b/.github/workflows/ubuntu-wheel.yml @@ -79,6 +79,8 @@ jobs: echo "PIP_PKG_NAME=$PIP_PKG_NAME" >> $GITHUB_ENV echo "PIP_CPU_PKG_NAME=$PIP_CPU_PKG_NAME" >> $GITHUB_ENV - name: Upload wheel to GitHub artifacts + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: ${{ env.PIP_PKG_NAME }} @@ -103,6 +105,8 @@ jobs: run: | gsutil cp ${GITHUB_WORKSPACE}/${{ env.CCACHE_TAR_NAME }}.tar.gz gs://open3d-ci-cache/ - name: Update devel release + permissions: + contents: write # if: ${{ github.ref == 'refs/heads/main' }} env: GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml index 3d0439972a0..8c14ca65fc2 100644 --- a/.github/workflows/ubuntu.yml +++ b/.github/workflows/ubuntu.yml @@ -71,6 +71,8 @@ jobs: docker/docker_test.sh cpu-shared-ml-release fi - name: Upload package to GitHub artifacts + permissions: + contents: write if: ${{ env.BUILD_SHARED_LIBS == 'ON' }} uses: actions/upload-artifact@v4 with: @@ -78,6 +80,8 @@ jobs: path: open3d-devel-*.tar.xz if-no-files-found: error - name: Upload viewer to GitHub artifacts + permissions: + contents: write if: ${{ env.BUILD_SHARED_LIBS == 'OFF' }} uses: actions/upload-artifact@v4 with: @@ -85,6 +89,8 @@ jobs: path: open3d-viewer-*-Linux.deb if-no-files-found: error - name: Update devel release + permissions: + contents: write if: ${{ github.ref == 'refs/heads/main' }} env: GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/vtk_packages.yml b/.github/workflows/vtk_packages.yml index 6bf78e5e83a..88e20dc1f89 100644 --- a/.github/workflows/vtk_packages.yml +++ b/.github/workflows/vtk_packages.yml @@ -26,6 +26,8 @@ jobs: make -j$(nproc) cmake -E sha256sum vtk*.tar.gz > checksum_linux.txt - name: Upload artifacts + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: vtk_linux @@ -76,6 +78,8 @@ jobs: ls cmake -E sha256sum (get-item vtk*.tar.gz).Name > checksum_win_${{matrix.configuration}}.txt - name: Upload package + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: vtk_windows_${{matrix.configuration}} @@ -103,6 +107,8 @@ jobs: make -j2 cmake -E sha256sum vtk*.tar.gz > checksum_macos.txt - name: Upload artifacts + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: vtk_macos diff --git a/.github/workflows/webrtc.yml b/.github/workflows/webrtc.yml index ce6508a4dbe..863651d86cf 100644 --- a/.github/workflows/webrtc.yml +++ b/.github/workflows/webrtc.yml @@ -62,6 +62,8 @@ jobs: build_webrtc - name: Upload WebRTC + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: webrtc_release_${{ matrix.os }} @@ -168,6 +170,8 @@ jobs: cmake -E sha256sum webrtc_${env:WEBRTC_COMMIT_SHORT}_win.zip | Tee-Object -FilePath checksum_win.txt - name: Upload WebRTC + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: webrtc_release_windows diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 251f4f70736..337698abbe3 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -147,6 +147,8 @@ jobs: $env:GITHUB_ENV -Encoding utf8 -Append - name: Upload Package + permissions: + contents: write if: ${{ matrix.BUILD_SHARED_LIBS == 'ON' && matrix.BUILD_CUDA_MODULE == 'OFF' }} uses: actions/upload-artifact@v4 with: @@ -155,6 +157,8 @@ jobs: if-no-files-found: error - name: Update devel release with package + permissions: + contents: write if: ${{ github.ref == 'refs/heads/main' && matrix.BUILD_SHARED_LIBS == 'ON' && matrix.BUILD_CUDA_MODULE == 'OFF' }} env: GH_TOKEN: ${{ github.token }} @@ -173,6 +177,8 @@ jobs: --target INSTALL - name: Upload Viewer + permissions: + contents: write if: ${{ matrix.BUILD_SHARED_LIBS == 'OFF' && matrix.STATIC_RUNTIME == 'ON' && matrix.BUILD_CUDA_MODULE == 'OFF' && matrix.CONFIG == 'Release' }} uses: actions/upload-artifact@v4 with: @@ -181,6 +187,8 @@ jobs: if-no-files-found: error - name: Update devel release with viewer + permissions: + contents: write if: ${{ github.ref == 'refs/heads/main' && matrix.BUILD_SHARED_LIBS == 'OFF' && matrix.STATIC_RUNTIME == 'ON' && matrix.BUILD_CUDA_MODULE == 'OFF' && matrix.CONFIG == 'Release' }} env: GH_TOKEN: ${{ github.token }} @@ -302,6 +310,8 @@ jobs: echo "PIP_PKG_NAME=$PIP_PKG_NAME" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: Upload wheel + permissions: + contents: write uses: actions/upload-artifact@v4 with: name: ${{ env.PIP_PKG_NAME }} @@ -309,6 +319,8 @@ jobs: if-no-files-found: error - name: Update devel release with wheel + permissions: + contents: write if: ${{ github.ref == 'refs/heads/main' }} env: GH_TOKEN: ${{ github.token }}