chore(workflows): drop root permissions read-all

2026-03-07 11:56:12 +00:00 · 2024-09-09 11:09:04 +03:00
parent 73939e9d19
commit 48a5219b0d
14 changed files with 8 additions and 25 deletions
--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
 use asdf
--- a/.github/workflows/composer-install.yml
+++ b/.github/workflows/composer-install.yml
@@ -8,8 +8,6 @@ on:
      - "composer.json"
      - "composer.lock"
 permissions: read-all
 jobs:
  ComposerInstall:
    runs-on: ubuntu-latest
--- a/.github/workflows/compress-images.yml
+++ b/.github/workflows/compress-images.yml
@@ -8,8 +8,6 @@ on:
  schedule:
    - cron: "00 23 * * 0"
 permissions: read-all
 jobs:
  CompressOnDemandOrSchedule:
    name: calibreapp/image-actions
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -12,8 +12,6 @@ name: "Dependency Review"
 on: [pull_request]
 permissions: read-all
 jobs:
  dependency-review:
    runs-on: ubuntu-latest
--- a/.github/workflows/laravel-phpunit.yml
+++ b/.github/workflows/laravel-phpunit.yml
@@ -7,8 +7,6 @@ on:
  pull_request:
    branches: [main]
 permissions: read-all
 jobs:
  laravel-tests:
    runs-on: ubuntu-latest
--- a/.github/workflows/pr-compress-images.yml
+++ b/.github/workflows/pr-compress-images.yml
@@ -11,8 +11,6 @@ on:
      - "**.png"
      - "**.webp"
 permissions: read-all
 jobs:
  CompressInPR:
    # Only run on Pull Requests within the same repository, and not from forks.
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -24,8 +24,6 @@ on:
  pull_request:
    branches: [master, main]
 permissions: read-all
 ###############
 # Set the Job #
 ###############
@@ -62,14 +60,20 @@ jobs:
      # Run Linter against code base #
      ################################
      - name: Lint Code Base
-        uses: github/super-linter@v7
+        uses: super-linter/super-linter/slim@v7
        env:
          VALIDATE_ALL_CODEBASE: false
          LINTER_RULES_PATH: "${DEFAULT_WORKSPACE}"
          FIX_ANSIBLE: true
          FIX_ENV: true
          FIX_JSON: true
          FIX_JSONC_PRETTIER: true
          FIX_MARKDOWN: true
          FIX_SHELL_SHFMT: true
          FIX_TERRAFORM_FMT: true
          FIX_TYPESCRIPT_PRETTIER: true
          FIX_VUE_PRETTIER: true
          FIX_YAML_PRETTIER: true
          # Change to 'master' if your main branch differs
          DEFAULT_BRANCH: ${{ env.MAIN_BRANCH }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -4,8 +4,6 @@ name: Release Drafter
 on:
  workflow_call:
 permissions: read-all
 jobs:
  update_release_draft:
    name: ✏️ Draft release
--- a/.github/workflows/release-monthly.yaml
+++ b/.github/workflows/release-monthly.yaml
@@ -7,8 +7,6 @@ on:
  schedule:
    - cron: "0 0 1 * *" # 1st of every month at midnight
 permissions: read-all
 jobs:
  release:
    name: Release
--- a/.github/workflows/reviewdog-linters.yml
+++ b/.github/workflows/reviewdog-linters.yml
@@ -3,8 +3,6 @@ name: Reviewdog Linters
 on: [pull_request]
 permissions: read-all
 jobs:
  linters:
    name: Linters
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -7,8 +7,6 @@ on:
  workflow_call:
  workflow_dispatch:
 permissions: read-all
 jobs:
  stale:
    name: 🧹 Clean up stale issues and PRs
--- a/.github/workflows/sync-labels-to-own-projects.yml
+++ b/.github/workflows/sync-labels-to-own-projects.yml
@@ -12,8 +12,6 @@ on:
  schedule:
    - cron: "0 0 * * *" # Every day at midnight
 permissions: read-all
 jobs:
  sync-labels:
    runs-on: ubuntu-latest
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -13,8 +13,6 @@ on:
  workflow_call:
  workflow_dispatch:
 permissions: read-all
 jobs:
  labels:
    name: ♻️ Sync labels
--- a/.github/linters/.jscpd.json
+++ b/.github/linters/.jscpd.json