[CI] Update all workflows with permissions (#13672)

update
Dhruv Nair
2026-05-01 17:41:27 +05:30
committed by GitHub
parent 42a46e48c3
commit ffd5da5f74
22 changed files with 69 additions and 0 deletions


@@ -5,6 +5,9 @@ on:
schedule:
- cron: "30 1 1,15 * *" # every 2 weeks on the 1st and the 15th of every month at 1:30 AM
permissions:
contents: read
env:
DIFFUSERS_IS_CI: yes
HF_XET_HIGH_PERFORMANCE: 1


@@ -14,6 +14,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
env:
REGISTRY: diffusers
CI_SLACK_CHANNEL: ${{ secrets.CI_DOCKER_CHANNEL }}
@@ -23,6 +26,9 @@ jobs:
runs-on:
group: aws-general-8-plus
if: github.event_name == 'pull_request'
permissions:
contents: read
pull-requests: read
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
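Review bot: The job-level `permissions` block in the second hunk grants `pull-requests: read` without saying which step uses it, and the steps that would consume it lie outside the hunk. A job-level block replaces the workflow-level one instead of adding to it, so a short comment would help the next maintainer keep it minimal, for example `# pull-requests: read is used by <step name> (confirm)`. The other jobs in this file are not visible here and now fall back to the top-level `contents: read`, so any job that uses the GITHUB_TOKEN for more than reading the repository should be checked.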


@@ -12,6 +12,9 @@ on:
- "examples/**"
- "docs/**"
permissions:
contents: read
jobs:
build:
uses: huggingface/doc-builder/.github/workflows/build_main_documentation.yml@2430c1ec91d04667414e2fa31ecfc36c153ea391 # main
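Review bot: The workflow-level `permissions: contents: read` added here is also the ceiling for the GITHUB_TOKEN inside the reusable workflow called on the `uses:` line, because a called workflow can only keep or reduce the caller's permissions. The called workflow's body is not on this page, so it is worth confirming that it needs nothing beyond repository read. The same applies to the last section, whose caller runs on `workflow_run` and invokes `upload_pr_documentation.yml`; if that workflow fetches artifacts from the triggering run with the default token, it may also need `actions: read`. A comment such as `# also caps the token of the called doc-builder workflow` above the block would record the intent.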


@@ -11,6 +11,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
check-links:
runs-on: ubuntu-latest


@@ -20,6 +20,9 @@ on:
required: true
default: 'main'
permissions:
contents: read
jobs:
mirror_community_pipeline:
env:


@@ -5,6 +5,9 @@ on:
schedule:
- cron: "0 0 * * *" # every day at midnight
permissions:
contents: read
env:
DIFFUSERS_IS_CI: yes
HF_XET_HIGH_PERFORMANCE: 1


@@ -5,6 +5,9 @@ on:
release:
types: [published]
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-22.04


@@ -15,6 +15,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
check_dependencies:
runs-on: ubuntu-22.04


@@ -25,6 +25,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
env:
DIFFUSERS_IS_CI: yes
HF_XET_HIGH_PERFORMANCE: 1


@@ -2,6 +2,9 @@ name: Fast tests for PRs - Test Fetcher
on: workflow_dispatch
permissions:
contents: read
env:
DIFFUSERS_IS_CI: yes
OMP_NUM_THREADS: 4


@@ -15,6 +15,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
check_torch_dependencies:
runs-on: ubuntu-22.04


@@ -10,6 +10,9 @@ on:
- "examples/**.py"
- "tests/**.py"
permissions:
contents: read
env:
DIFFUSERS_IS_CI: yes
OMP_NUM_THREADS: 8


@@ -13,6 +13,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
env:
DIFFUSERS_IS_CI: yes
HF_HOME: /mnt/cache


@@ -3,6 +3,9 @@ name: Fast mps tests on main
on:
workflow_dispatch:
permissions:
contents: read
env:
DIFFUSERS_IS_CI: yes
HF_HOME: /mnt/cache


@@ -10,6 +10,9 @@ on:
- "v*.*.*-release"
- "v*.*.*-patch"
permissions:
contents: read
env:
DIFFUSERS_IS_CI: yes
OMP_NUM_THREADS: 8


@@ -14,6 +14,9 @@ on:
description: 'Tests to run (e.g.: `tests/models`).'
required: true
permissions:
contents: read
env:
DIFFUSERS_IS_CI: yes
IS_GITHUB_CI: "1"


@@ -7,6 +7,9 @@ on:
description: 'Name of the Docker image'
required: true
permissions:
contents: read
env:
IS_GITHUB_CI: "1"
HF_HUB_READ_TOKEN: ${{ secrets.HF_HUB_READ_TOKEN }}


@@ -15,6 +15,9 @@ on:
description: 'Name of the Docker image'
required: true
permissions:
contents: read
env:
IS_GITHUB_CI: "1"
HF_HUB_READ_TOKEN: ${{ secrets.HF_HUB_READ_TOKEN }}


@@ -3,6 +3,9 @@ on:
name: Secret Leaks
permissions:
contents: read
jobs:
trufflehog:
runs-on: ubuntu-22.04


@@ -3,6 +3,9 @@ name: Check typos
on:
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-22.04


@@ -7,6 +7,9 @@ on:
- main
- update_diffusers_metadata*
permissions:
contents: read
jobs:
update_metadata:
runs-on: ubuntu-22.04


@@ -6,6 +6,9 @@ on:
types:
- completed
permissions:
contents: read
jobs:
build:
uses: huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml@9ad2de8582b56c017cb530c1165116d40433f1c6 # main