From 48a5219b0d55088cfe8c42325b97a7db10828c99 Mon Sep 17 00:00:00 2001 From: Ismo Vuorinen Date: Mon, 9 Sep 2024 11:09:04 +0300 Subject: [PATCH] chore(workflows): drop root permissions read-all --- .envrc | 1 + .github/workflows/composer-install.yml | 2 -- .github/workflows/compress-images.yml | 2 -- .github/workflows/dependency-review.yml | 2 -- .github/workflows/laravel-phpunit.yml | 2 -- .github/workflows/pr-compress-images.yml | 2 -- .github/workflows/pr-lint.yml | 10 +++++++--- .github/workflows/release-drafter.yml | 2 -- .github/workflows/release-monthly.yaml | 2 -- .github/workflows/reviewdog-linters.yml | 2 -- .github/workflows/stale.yml | 2 -- .github/workflows/sync-labels-to-own-projects.yml | 2 -- .github/workflows/sync-labels.yml | 2 -- .github/linters/.jscpd.json => .jscpd.json | 0 14 files changed, 8 insertions(+), 25 deletions(-) create mode 100644 .envrc rename .github/linters/.jscpd.json => .jscpd.json (100%) diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..a63eb96 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use asdf diff --git a/.github/workflows/composer-install.yml b/.github/workflows/composer-install.yml index e634277..7661b9b 100644 --- a/.github/workflows/composer-install.yml +++ b/.github/workflows/composer-install.yml @@ -8,8 +8,6 @@ on: - "composer.json" - "composer.lock" -permissions: read-all - jobs: ComposerInstall: runs-on: ubuntu-latest diff --git a/.github/workflows/compress-images.yml b/.github/workflows/compress-images.yml index 2d1a5ee..92fd609 100644 --- a/.github/workflows/compress-images.yml +++ b/.github/workflows/compress-images.yml @@ -8,8 +8,6 @@ on: schedule: - cron: "00 23 * * 0" -permissions: read-all - jobs: CompressOnDemandOrSchedule: name: calibreapp/image-actions diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index cff4cf5..d4889c4 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
@@ -12,8 +12,6 @@ name: "Dependency Review" on: [pull_request] -permissions: read-all - jobs: dependency-review: runs-on: ubuntu-latest diff --git a/.github/workflows/laravel-phpunit.yml b/.github/workflows/laravel-phpunit.yml index 171cbd1..653cd86 100644 --- a/.github/workflows/laravel-phpunit.yml +++ b/.github/workflows/laravel-phpunit.yml @@ -7,8 +7,6 @@ on: pull_request: branches: [main] -permissions: read-all - jobs: laravel-tests: runs-on: ubuntu-latest diff --git a/.github/workflows/pr-compress-images.yml b/.github/workflows/pr-compress-images.yml index f7fad4b..3500ba3 100644 --- a/.github/workflows/pr-compress-images.yml +++ b/.github/workflows/pr-compress-images.yml @@ -11,8 +11,6 @@ on: - "**.png" - "**.webp" -permissions: read-all - jobs: CompressInPR: # Only run on Pull Requests within the same repository, and not from forks. diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index f014848..2fdcf56 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -24,8 +24,6 @@ on: pull_request: branches: [master, main] -permissions: read-all - ############### # Set the Job # ############### @@ -62,14 +60,20 @@ jobs: # Run Linter against code base # ################################ - name: Lint Code Base - uses: github/super-linter@v7 + uses: super-linter/super-linter/slim@v7 env: VALIDATE_ALL_CODEBASE: false + LINTER_RULES_PATH: "${DEFAULT_WORKSPACE}" FIX_ANSIBLE: true FIX_ENV: true FIX_JSON: true FIX_JSONC_PRETTIER: true FIX_MARKDOWN: true + FIX_SHELL_SHFMT: true + FIX_TERRAFORM_FMT: true + FIX_TYPESCRIPT_PRETTIER: true + FIX_VUE_PRETTIER: true + FIX_YAML_PRETTIER: true # Change to 'master' if your main branch differs DEFAULT_BRANCH: ${{ env.MAIN_BRANCH }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index c479362..c3e3094 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml 
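Review bot: The `Lint Code Base` step in `.github/workflows/pr-lint.yml` still passes `secrets.GITHUB_TOKEN` to the linter, but the preceding hunk in this file removes the workflow-level `permissions: read-all`. The job header is outside this hunk, so unless that job declares its own `permissions:`, the token falls back to the repository or organisation default, which may be read/write. I would add a job-level block limited to what the linter needs, for example `permissions:` with `contents: read` and `statuses: write`. The new reference `super-linter/super-linter/slim@v7` is a mutable tag, and pinning it as `uses: super-linter/super-linter/slim@<full-commit-sha> # v7` (placeholder, take the SHA from the release) keeps a retagged release from running with that token. The token-scope point also applies to the other workflows in this patch whose root `permissions: read-all` is removed, if their jobs do not set permissions themselves.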
@@ -4,8 +4,6 @@ name: Release Drafter on: workflow_call: -permissions: read-all - jobs: update_release_draft: name: ✏️ Draft release diff --git a/.github/workflows/release-monthly.yaml b/.github/workflows/release-monthly.yaml index 1597095..aa98656 100644 --- a/.github/workflows/release-monthly.yaml +++ b/.github/workflows/release-monthly.yaml @@ -7,8 +7,6 @@ on: schedule: - cron: "0 0 1 * *" # 1st of every month at midnight -permissions: read-all - jobs: release: name: Release diff --git a/.github/workflows/reviewdog-linters.yml b/.github/workflows/reviewdog-linters.yml index 8aaaddb..710f600 100644 --- a/.github/workflows/reviewdog-linters.yml +++ b/.github/workflows/reviewdog-linters.yml @@ -3,8 +3,6 @@ name: Reviewdog Linters on: [pull_request] -permissions: read-all - jobs: linters: name: Linters diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index db410d4..b03940f 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,8 +7,6 @@ on: workflow_call: workflow_dispatch: -permissions: read-all - jobs: stale: name: 🧹 Clean up stale issues and PRs diff --git a/.github/workflows/sync-labels-to-own-projects.yml b/.github/workflows/sync-labels-to-own-projects.yml index 87f2048..60bf7a7 100644 --- a/.github/workflows/sync-labels-to-own-projects.yml +++ b/.github/workflows/sync-labels-to-own-projects.yml @@ -12,8 +12,6 @@ on: schedule: - cron: "0 0 * * *" # Every day at midnight -permissions: read-all - jobs: sync-labels: runs-on: ubuntu-latest diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 1aee1de..5e5de18 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -13,8 +13,6 @@ on: workflow_call: workflow_dispatch: -permissions: read-all - jobs: labels: name: ♻️ Sync labels diff --git a/.github/linters/.jscpd.json b/.jscpd.json similarity index 100% rename from .github/linters/.jscpd.json rename to .jscpd.json