I believe the recommendation (following several PRs on the subject) is to add explicit permissions for GH workflows:
permissions:
  contents: read

On Thu, 26 May 2022 at 13:23, <ggreg...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository. > > ggregory pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/commons-lang.git > > > The following commit(s) were added to refs/heads/master by this push: > new 3e67d33d2 Add coverage.yml > 3e67d33d2 is described below > > commit 3e67d33d25ea1eefc8260e655df91a899895d7d6 > Author: Gary Gregory <garydgreg...@gmail.com> > AuthorDate: Thu May 26 08:22:58 2022 -0400 > > Add coverage.yml > --- > .github/workflows/coverage.yml | 47 > ++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 47 insertions(+) > > diff --git a/.github/workflows/coverage.yml > b/.github/workflows/coverage.yml > new file mode 100644 > index 000000000..a7397b18f > --- /dev/null > +++ b/.github/workflows/coverage.yml 
> @@ -0,0 +1,47 @@ > +# Licensed to the Apache Software Foundation (ASF) under one or more > +# contributor license agreements. See the NOTICE file distributed with > +# this work for additional information regarding copyright ownership. > +# The ASF licenses this file to You under the Apache License, Version 2.0 > +# (the "License"); you may not use this file except in compliance with > +# the License. You may obtain a copy of the License at > +# > +# http://www.apache.org/licenses/LICENSE-2.0 > +# > +# Unless required by applicable law or agreed to in writing, software > +# distributed under the License is distributed on an "AS IS" BASIS, > +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > +# See the License for the specific language governing permissions and > +# limitations under the License. > + > +name: Coverage > + > +on: [push, pull_request] > + > +jobs: > + build: > + > + runs-on: ubuntu-latest > + strategy: > + matrix: > + java: [ 8 ] > + > + steps: > + - uses: actions/checkout@v3 > + - uses: actions/cache@v3 > + with: > + path: ~/.m2/repository > + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} > + restore-keys: | > + ${{ runner.os }}-maven- > + - name: Set up JDK ${{ matrix.java }} > + uses: actions/setup-java@v3 > + with: > + distribution: adopt > + java-version: ${{ matrix.java }} > + - name: Build with Maven > + run: mvn -V test jacoco:report --file pom.xml --no-transfer-progress > + > + - name: Upload coverage to Codecov > + uses: codecov/codecov-action@v3 > + with: > + files: ./target/site/jacoco/jacoco.xml > >
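Review bot: The new coverage.yml has no `permissions:` key, neither at the top level next to `on: [push, pull_request]` nor under `jobs.build`, so the job's GITHUB_TOKEN falls back to whatever default the repository or organization has configured, which can be read/write. None of the steps shown writes to the repository (checkout, cache, setup-java, `mvn -V test jacoco:report`, Codecov upload), so a top-level `permissions:` block with `contents: read` placed after the `on:` line would be enough and would bound what a compromised step could do with the token. A related point on the `uses:` lines: `codecov/codecov-action@v3` is a third-party action referenced by a movable tag and it runs after the build in the same job; pinning it to a full commit SHA would make the executed code reviewable and stable.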