ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-03-07 19:56:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
364 Commits 3 Branches 140 Tags
40f722ec1840e7300d6faeea3d4e4ee1758e09bc
Commit Graph

12 Commits

Author SHA1 Message Date
copilot-swe-agent[bot]
40f722ec18 fix: harden workflow permissions - set top-level permissions: {} and scope perms to jobs 
Set `permissions: {}` at the top level of all workflow files to deny all
permissions by default, then grant only the minimum required permissions at
the job level. This fixes the Docker push failure caused by missing
`packages: write` permission being scoped incorrectly.

Changes per workflow:
- build-testing-image.yml: add contents: read + packages: write to job
- action-security.yml: consolidate contents: read, actions: read,
  pull-requests: read into the analyze job
- codeql-new.yml: add actions: read to the analyze job
- dependency-review.yml: add contents: read to the dependency-review job
- issue-stats.yml: top-level only (no checkout, existing job perms sufficient)
- new-release.yml: was read-all; job already has contents: write
- pr-lint.yml: was contents: read + packages: read; job already has full perms
- release.yml: job already has contents: write
- security-suite.yml: move all perms to job level
- stale.yml: top-level only (no checkout, existing job perms sufficient)
- sync-labels.yml: was read-all; add contents: read to job for checkout
- version-maintenance.yml: move all perms to job level

Co-authored-by: ivuorinen <11024+ivuorinen@users.noreply.github.com>
 2026-03-05 21:22:44 +00:00
renovate[bot]
a75db3a84a chore(deps): update actions/stale action (v10.1.1 → v10.2.0) (#460) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-23 21:29:07 +02:00
Ismo Vuorinen
44a11e9773 chore: update actions, cleanup pr-lint and pre-commit (#389) 
* chore: update actions, cleanup pr-lint

* chore: cleanup pre-commit config, formatting

* chore: revert sigstore/cosign-installer downgrade

* chore: formatting
 2025-12-07 02:24:33 +02:00
renovate[bot]
9df3b0bff7 chore(deps): update actions/stale action (v10.0.0 → v10.1.0) (#283) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-10-06 09:38:03 +00:00
renovate[bot]
4b6870953c chore(deps)!: update actions/stale (v9.1.0 → v10.0.0) (#249) 2025-09-19 22:20:07 +03:00
Ismo Vuorinen
a006d699d3 fix: security-trends fixes, docs, tweaks 2025-02-04 12:16:16 +02:00
Ismo Vuorinen
19f792e5d1 feat(ci): pin versions, tighten permissions 2025-02-02 14:20:05 +02:00
Ismo Vuorinen
210aa969b3 feat: add GitHub Actions workflows for code quality and automation (#2) 2025-02-02 00:42:19 +02:00
Ismo Vuorinen
af6ecdf6ca fix(ci): stale workflow permissions 2025-01-22 17:26:35 +02:00
Ismo Vuorinen
25a111c379 fix(ci): stale workflow permissions 2025-01-22 17:25:22 +02:00
Ismo Vuorinen
1be469a40e fix(ci): stale workflow permissions 2025-01-22 17:24:00 +02:00
Ismo Vuorinen
e90c7a737a Initial commit 2024-11-10 11:34:15 +02:00