Lock down workflow permissions. (#19406)
Co-authored-by: Joel Challis <git@zvecr.com>
parent
b8a9de206d
commit
f75ac6042e
13 changed files with 41 additions and 4 deletions
3
.github/workflows/api.yml
vendored
3
.github/workflows/api.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: Update API Data
|
name: Update API Data
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
|
|
2
.github/workflows/auto_approve.yml
vendored
2
.github/workflows/auto_approve.yml
vendored
|
@ -1,5 +1,7 @@
|
||||||
name: Automatic Approve
|
name: Automatic Approve
|
||||||
|
|
||||||
|
permissions: {}
|
||||||
|
|
||||||
on:
|
on:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: "*/5 * * * *"
|
- cron: "*/5 * * * *"
|
||||||
|
|
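Review bot: `permissions: {}` at the top of auto_approve.yml leaves the workflow's GITHUB_TOKEN with no scopes, and nothing in the hunk says how the approval step authenticates. The jobs are outside the hunk, so presumably that step uses a separately stored token; if so, a comment above the key would record it, e.g. `# GITHUB_TOKEN is intentionally unused; the approval step authenticates with its own secret`. That secret then carries all of this workflow's privilege, so its scope deserves the same review as the block added here.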
3
.github/workflows/auto_tag.yml
vendored
3
.github/workflows/auto_tag.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: Essential files modified
|
name: Essential files modified
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
|
|
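Review bot: `contents: write` is granted at workflow level in auto_tag.yml, so every job and step in the file, including any third-party action, receives a token that can push to the repository. The jobs are outside the hunk; if only one job pushes, consider keeping `contents: read` in the top-level block and moving `contents: write` into that job's own `permissions:` key. The same applies to develop_update.yml, docs.yml and feature_branch_update.yml in this commit.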
3
.github/workflows/cli.yml
vendored
3
.github/workflows/cli.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: CLI CI
|
name: CLI CI
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
|
|
3
.github/workflows/develop_update.yml
vendored
3
.github/workflows/develop_update.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: Update develop after master merge
|
name: Update develop after master merge
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
|
|
3
.github/workflows/docs.yml
vendored
3
.github/workflows/docs.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: Generate Docs
|
name: Generate Docs
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
|
|
3
.github/workflows/feature_branch_update.yml
vendored
3
.github/workflows/feature_branch_update.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: Update feature branches after develop merge
|
name: Update feature branches after develop merge
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
|
|
3
.github/workflows/format.yml
vendored
3
.github/workflows/format.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: PR Lint Format
|
name: PR Lint Format
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request:
|
||||||
paths:
|
paths:
|
||||||
|
|
3
.github/workflows/format_push.yml
vendored
3
.github/workflows/format_push.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: Lint Format
|
name: Lint Format
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
|
|
4
.github/workflows/labeler.yml
vendored
4
.github/workflows/labeler.yml
vendored
|
@ -1,5 +1,9 @@
|
||||||
name: "Pull Request Labeler"
|
name: "Pull Request Labeler"
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
pull-requests: write
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request_target:
|
pull_request_target:
|
||||||
types: [opened, synchronize, reopened, ready_for_review, locked]
|
types: [opened, synchronize, reopened, ready_for_review, locked]
|
||||||
|
|
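Review bot: The `pull-requests: write` grant in labeler.yml sits on a `pull_request_target` trigger, which runs in the base repository's context even for pull requests opened from forks. The jobs are outside the hunk, so whether any step checks out or executes the pull request's own code cannot be confirmed from here. A comment above the block would keep that constraint visible to future editors, e.g. `# pull_request_target: this workflow must never check out or run code from the PR head`.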
3
.github/workflows/lint.yml
vendored
3
.github/workflows/lint.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: PR Lint keyboards
|
name: PR Lint keyboards
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request:
|
||||||
paths:
|
paths:
|
||||||
|
|
9
.github/workflows/stale.yml
vendored
9
.github/workflows/stale.yml
vendored
|
@ -1,13 +1,14 @@
|
||||||
name: 'Close stale issues and PRs'
|
name: 'Close stale issues and PRs'
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: '30 1 * * *'
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
issues: write
|
issues: write
|
||||||
pull-requests: write
|
pull-requests: write
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '30 1 * * *'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
stale:
|
stale:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
3
.github/workflows/unit_test.yml
vendored
3
.github/workflows/unit_test.yml
vendored
|
@ -1,5 +1,8 @@
|
||||||
name: Unit Tests
|
name: Unit Tests
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
|
|