ci: set contents read as default workflow permissions

This commit is contained in:
CrazyMax
2025-02-02 03:17:21 +01:00
parent 473ff9c9ba
commit fea9e81482
5 changed files with 41 additions and 0 deletions


@@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on: on:
push: push:
branches: branches:
@@ -146,6 +150,9 @@ jobs:
release: release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
# required to create GitHub release
contents: write
needs: needs:
- artifact - artifact
- test - test
@@ -187,6 +194,11 @@ jobs:
image: image:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
# same as global permissions
contents: read
# required to push to GHCR
packages: write
needs: needs:
- artifact - artifact
- test - test
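Review bot: The comment `# same as global permissions` above `contents: read` in the `image` job understates why the line is there: a job-level `permissions` block replaces the workflow-level map entirely, so any scope not restated becomes `none`; the line is required, not a repetition of the default. Suggest `# job-level permissions replace the workflow-level set; restate contents: read so checkout still works`. The same comment appears in the `codeql` job of the second file and the `labeler` job of the fifth file and could be reworded the same way. The steps of the `release` and `image` jobs, which would confirm that no other scope (for example `id-token` for signing or attestations) is consumed, lie outside these hunks.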


@@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on: on:
push: push:
branches: branches:
@@ -19,6 +23,11 @@ on:
jobs: jobs:
codeql: codeql:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
# same as global permissions
contents: read
# required for code scanning
security-events: write
steps: steps:
- -
name: Checkout name: Checkout
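Review bot: The `codeql` job grants only `contents: read` and `security-events: write`; the CodeQL action additionally documents `actions: read` as required when the repository is private, so if that applies here the analysis upload would fail under this stricter set. If so, add `# required by codeql-action on private repositories` followed by `actions: read` to the job's `permissions` block; for a public repository the block as written is the minimal one. The job's steps, which would show the exact CodeQL actions in use, continue outside the hunk.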


@@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on: on:
workflow_dispatch: workflow_dispatch:
push: push:
@@ -18,6 +22,9 @@ env:
jobs: jobs:
publish: publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
# required to push to gh-pages
contents: write
steps: steps:
- -
name: Checkout name: Checkout


@@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on: on:
push: push:
branches: branches:


@@ -4,6 +4,10 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on: on:
push: push:
branches: branches:
@@ -19,6 +23,11 @@ on:
jobs: jobs:
labeler: labeler:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
# same as global permissions
contents: read
# required to update labels
issues: write
steps: steps:
- -
name: Checkout name: Checkout
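Review bot: The `labeler` job is given `issues: write` with the comment `# required to update labels`; that scope is correct for an action that manages the repository's label definitions, but an action that applies labels to pull requests needs `pull-requests: write` as well, since job-level `permissions` leaves every unlisted scope at `none`. Please confirm against the steps, which lie outside the hunk, and make the comment name the operation, e.g. `# required to create/update repository labels` if it is label syncing. The `on:` context visible here shows only a `push` trigger, which is consistent with label syncing rather than PR labeling, but the trigger list may continue beyond the hunk.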