Lock down workflow permissions. (#19406)
Co-authored-by: Joel Challis <git@zvecr.com>
This commit is contained in:
parent
b8a9de206d
commit
f75ac6042e
3
.github/workflows/api.yml
vendored
3
.github/workflows/api.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: Update API Data
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
|
2
.github/workflows/auto_approve.yml
vendored
2
.github/workflows/auto_approve.yml
vendored
@ -1,5 +1,7 @@
|
||||
name: Automatic Approve
|
||||
|
||||
permissions: {}
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "*/5 * * * *"
|
||||
|
3
.github/workflows/auto_tag.yml
vendored
3
.github/workflows/auto_tag.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: Essential files modified
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
|
3
.github/workflows/cli.yml
vendored
3
.github/workflows/cli.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: CLI CI
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
|
3
.github/workflows/develop_update.yml
vendored
3
.github/workflows/develop_update.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: Update develop after master merge
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
|
3
.github/workflows/docs.yml
vendored
3
.github/workflows/docs.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: Generate Docs
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
|
3
.github/workflows/feature_branch_update.yml
vendored
3
.github/workflows/feature_branch_update.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: Update feature branches after develop merge
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
|
3
.github/workflows/format.yml
vendored
3
.github/workflows/format.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: PR Lint Format
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
|
3
.github/workflows/format_push.yml
vendored
3
.github/workflows/format_push.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: Lint Format
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
|
4
.github/workflows/labeler.yml
vendored
4
.github/workflows/labeler.yml
vendored
@ -1,5 +1,9 @@
|
||||
name: "Pull Request Labeler"
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
types: [opened, synchronize, reopened, ready_for_review, locked]
|
||||
|
3
.github/workflows/lint.yml
vendored
3
.github/workflows/lint.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: PR Lint keyboards
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
|
9
.github/workflows/stale.yml
vendored
9
.github/workflows/stale.yml
vendored
@ -1,13 +1,14 @@
|
||||
name: 'Close stale issues and PRs'
|
||||
on:
|
||||
schedule:
|
||||
- cron: '30 1 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '30 1 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
stale:
|
||||
runs-on: ubuntu-latest
|
||||
|
3
.github/workflows/unit_test.yml
vendored
3
.github/workflows/unit_test.yml
vendored
@ -1,5 +1,8 @@
|
||||
name: Unit Tests
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
|
Loading…
Reference in New Issue
Block a user