fix(lint): checkov violations for permissions

Ismo Vuorinen
2025-01-22 09:57:06 +02:00
parent e0c156ee93
commit 7060810d95
12 changed files with 56 additions and 0 deletions


@@ -8,6 +8,11 @@ on:
- "composer.json"
- "composer.lock"
permissions:
contents: read
packages: read
statuses: read
jobs:
ComposerInstall:
runs-on: ubuntu-latest
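Review bot: `packages: read` and `statuses: read` look broader than a Composer install job needs. The job body is outside the hunk, but nothing visible reads from GitHub Packages or the commit status API, and a `contents: read` block alone should be enough to satisfy the linter. Granting only the scopes a job uses limits what the token can reach if an install script or a third-party action in the job is compromised. I would reduce the block to `permissions:` followed by `contents: read`, with a comment such as `# least privilege: checkout only; grant further scopes per job`. The same copied block appears in the Dependency Review and `laravel-tests` sections, where the same question applies.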


@@ -8,6 +8,10 @@ on:
schedule:
- cron: "00 23 * * 0"
permissions:
contents: read
statuses: read
jobs:
CompressOnDemandOrSchedule:
name: calibreapp/image-actions
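Review bot: A top-level `permissions:` block sets every scope it does not list to `none`, so the read-only block added here will break any step in this workflow that writes with `GITHUB_TOKEN`. The job body is outside the hunk, but a job named `calibreapp/image-actions` presumably commits the compressed images or opens a pull request with them. If so, keep the read-only default at the top and grant the write scopes on the job itself, for example `permissions: { contents: write, pull-requests: write }` under `CompressOnDemandOrSchedule:`. The same check applies to the sections for `CompressInPR`, `update_release_draft`, `release`, `linters`, `stale`, `sync-labels` and `labels`, whose names suggest writes to contents, issues or pull requests. It also applies to the section ending in the `# Set the Job #` banner, which would need `statuses: write` rather than `read` if that linter reports commit statuses.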


@@ -12,6 +12,11 @@ name: "Dependency Review"
on: [pull_request]
permissions:
contents: read
packages: read
statuses: read
jobs:
dependency-review:
runs-on: ubuntu-latest


@@ -7,6 +7,11 @@ on:
pull_request:
branches: [main]
permissions:
contents: read
packages: read
statuses: read
jobs:
laravel-tests:
runs-on: ubuntu-latest


@@ -11,6 +11,11 @@ on:
- "**.png"
- "**.webp"
permissions:
contents: read
packages: read
statuses: read
jobs:
CompressInPR:
# Only run on Pull Requests within the same repository, and not from forks.


@@ -24,6 +24,11 @@ on:
pull_request:
branches: [master, main]
permissions:
contents: read
packages: read
statuses: read
###############
# Set the Job #
###############


@@ -4,6 +4,11 @@ name: Release Drafter
on:
workflow_call:
permissions:
contents: read
packages: read
statuses: read
jobs:
update_release_draft:
name: ✏️ Draft release


@@ -7,6 +7,11 @@ on:
schedule:
- cron: "0 0 1 * *" # 1st of every month at midnight
permissions:
contents: read
packages: read
statuses: read
jobs:
release:
name: Release


@@ -3,6 +3,10 @@ name: Reviewdog Linters
on: [pull_request]
permissions:
contents: read
statuses: read
jobs:
linters:
name: Linters


@@ -7,6 +7,11 @@ on:
workflow_call:
workflow_dispatch:
permissions:
contents: read
packages: read
statuses: read
jobs:
stale:
name: 🧹 Clean up stale issues and PRs


@@ -12,6 +12,10 @@ on:
schedule:
- cron: "0 0 * * *" # Every day at midnight
permissions:
contents: read
statuses: read
jobs:
sync-labels:
runs-on: ubuntu-latest


@@ -13,6 +13,10 @@ on:
workflow_call:
workflow_dispatch:
permissions:
contents: read
statuses: read
jobs:
labels:
name: ♻️ Sync labels