ivuorinen/.github
1
0
Fork 0
mirror of https://github.com/ivuorinen/.github.git synced 2026-02-15 18:47:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(workflows): set workflow permissions in jobs

Browse Source
This commit is contained in:
Ismo Vuorinen
2024-08-21 11:03:25 +03:00
parent 92b8749e34
commit c18ea6bebe
12 changed files with 54 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/composer-install.yml vendored
View File

@@ -8,14 +8,14 @@ on:
- "composer.json" - "composer.json"
- "composer.lock" - "composer.lock"
permissions:
contents: write
statuses: write
jobs: jobs:
ComposerInstall: ComposerInstall:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
statuses: write
strategy: strategy:
matrix: matrix:
operating-system: ["ubuntu-latest"] operating-system: ["ubuntu-latest"]

12
.github/workflows/compress-images.yml vendored
View File

@@ -8,15 +8,17 @@ on:
schedule: schedule:
- cron: "00 23 * * 0" - cron: "00 23 * * 0"
permissions:
contents: write
statuses: write
pull-requests: write
jobs: jobs:
CompressOnDemandOrSchedule: CompressOnDemandOrSchedule:
name: calibreapp/image-actions name: calibreapp/image-actions
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
statuses: write
pull-requests: write
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@v4 uses: actions/checkout@v4

5
.github/workflows/dependency-review.yml vendored
View File

@@ -12,12 +12,11 @@ name: "Dependency Review"
on: [pull_request] on: [pull_request]
permissions:
contents: read
jobs: jobs:
dependency-review: dependency-review:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
steps: steps:
- name: "Checkout Repository" - name: "Checkout Repository"
uses: actions/checkout@v4 uses: actions/checkout@v4

10
.github/workflows/laravel-phpunit.yml vendored
View File

@@ -7,18 +7,18 @@ on:
pull_request: pull_request:
branches: [main] branches: [main]
permissions:
contents: write
statuses: write
jobs: jobs:
laravel-tests: laravel-tests:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
statuses: write
steps: steps:
- uses: shivammathur/setup-php@v2 - uses: shivammathur/setup-php@v2
with: with:
php-version: "8.1" php-version: "8.3"
- uses: actions/checkout@v4 - uses: actions/checkout@v4

11
.github/workflows/pr-compress-images.yml vendored
View File

@@ -11,17 +11,18 @@ on:
- "**.png" - "**.png"
- "**.webp" - "**.webp"
permissions:
contents: write
statuses: write
pull-requests: write
jobs: jobs:
CompressInPR: CompressInPR:
# Only run on Pull Requests within the same repository, and not from forks. # Only run on Pull Requests within the same repository, and not from forks.
if: github.event.pull_request.head.repo.full_name == github.repository if: github.event.pull_request.head.repo.full_name == github.repository
name: calibreapp/image-actions name: calibreapp/image-actions
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
statuses: write
pull-requests: write
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@v4 uses: actions/checkout@v4

16
.github/workflows/pr-lint.yml vendored
View File

@@ -24,14 +24,6 @@ on:
pull_request: pull_request:
branches: [master, main] branches: [master, main]
############################################
# Grant status permission for MULTI_STATUS #
############################################
permissions:
contents: read
packages: read
statuses: write
############### ###############
# Set the Job # # Set the Job #
############### ###############
@@ -42,6 +34,14 @@ jobs:
# Set the agent to run on # Set the agent to run on
runs-on: ubuntu-latest runs-on: ubuntu-latest
############################################
# Grant status permission for MULTI_STATUS #
############################################
permissions:
contents: read
packages: read
statuses: write
################## ##################
# Load all steps # # Load all steps #
################## ##################

7
.github/workflows/release-drafter.yml vendored
View File

@@ -4,14 +4,13 @@ name: Release Drafter
on: on:
workflow_call: workflow_call:
permissions:
contents: write
statuses: write
jobs: jobs:
update_release_draft: update_release_draft:
name: ✏️ Draft release name: ✏️ Draft release
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
statuses: write
steps: steps:
- name: 🚀 Run Release Drafter - name: 🚀 Run Release Drafter
uses: release-drafter/release-drafter@v6.0.0 uses: release-drafter/release-drafter@v6.0.0

5
.github/workflows/release-monthly.yaml vendored
View File

@@ -7,13 +7,12 @@ on:
schedule: schedule:
- cron: "0 0 1 * *" # 1st of every month at midnight - cron: "0 0 1 * *" # 1st of every month at midnight
permissions:
contents: write
jobs: jobs:
release: release:
name: Release name: Release
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4

11
.github/workflows/reviewdog-linters.yml vendored
View File

@@ -3,15 +3,16 @@ name: Reviewdog Linters
on: [push] on: [push]
permissions:
contents: read
packages: read
statuses: write
jobs: jobs:
linters: linters:
name: Linters name: Linters
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
packages: read
statuses: write
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

11
.github/workflows/stale.yml vendored
View File

@@ -7,15 +7,16 @@ on:
workflow_call: workflow_call:
workflow_dispatch: workflow_dispatch:
permissions:
contents: write # only for delete-branch option
issues: write
pull-requests: write
jobs: jobs:
stale: stale:
name: 🧹 Clean up stale issues and PRs name: 🧹 Clean up stale issues and PRs
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write # only for delete-branch option
issues: write
pull-requests: write
steps: steps:
- name: 🚀 Run stale - name: 🚀 Run stale
uses: actions/stale@v9.0.0 uses: actions/stale@v9.0.0

7
.github/workflows/sync-labels-to-own-projects.yml vendored
View File

@@ -12,13 +12,12 @@ on:
schedule: schedule:
- cron: "0 0 * * *" # Every day at midnight - cron: "0 0 * * *" # Every day at midnight
permissions:
contents: write
statuses: write
jobs: jobs:
sync-labels: sync-labels:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
statuses: write
outputs: outputs:
repos: ${{ steps.repos.outputs.REPOS }} repos: ${{ steps.repos.outputs.REPOS }}
steps: steps:

5
.github/workflows/sync-labels.yml vendored
View File

@@ -13,13 +13,12 @@ on:
workflow_call: workflow_call:
workflow_dispatch: workflow_dispatch:
permissions:
issues: write
jobs: jobs:
labels: labels:
name: ♻️ Sync labels name: ♻️ Sync labels
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
issues: write
steps: steps:
- name: ⤵️ Download latest labels definitions - name: ⤵️ Download latest labels definitions
run: | run: |