mirror of
https://github.com/ivuorinen/actions.git
synced 2026-03-07 13:56:24 +00:00
40f722ec18
Set `permissions: {}` at the top level of all workflow files to deny all
permissions by default, then grant only the minimum required permissions at
the job level. This fixes the Docker push failure caused by missing
`packages: write` permission being scoped incorrectly.
Changes per workflow:
- build-testing-image.yml: add contents: read + packages: write to job
- action-security.yml: consolidate contents: read, actions: read,
pull-requests: read into the analyze job
- codeql-new.yml: add actions: read to the analyze job
- dependency-review.yml: add contents: read to the dependency-review job
- issue-stats.yml: top-level only (no checkout, existing job perms sufficient)
- new-release.yml: was read-all; job already has contents: write
- pr-lint.yml: was contents: read + packages: read; job already has full perms
- release.yml: job already has contents: write
- security-suite.yml: move all perms to job level
- stale.yml: top-level only (no checkout, existing job perms sufficient)
- sync-labels.yml: was read-all; add contents: read to job for checkout
- version-maintenance.yml: move all perms to job level
Co-authored-by: ivuorinen <11024+ivuorinen@users.noreply.github.com>
50 lines
1.6 KiB
YAML
50 lines
1.6 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
|
name: Stale
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 8 * * *' # Every day at 08:00
|
|
workflow_call:
|
|
workflow_dispatch:
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
stale:
|
|
name: 🧹 Clean up stale issues and PRs
|
|
runs-on: ubuntu-latest
|
|
|
|
permissions:
|
|
contents: write # only for delete-branch option
|
|
issues: write
|
|
pull-requests: write
|
|
|
|
steps:
|
|
- name: 🚀 Run stale
|
|
uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
|
|
with:
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
days-before-stale: 30
|
|
days-before-close: 7
|
|
remove-stale-when-updated: true
|
|
stale-issue-label: 'stale'
|
|
exempt-issue-labels: 'no-stale,help-wanted'
|
|
stale-issue-message: >
|
|
There hasn't been any activity on this issue recently, so we
|
|
clean up some of the older and inactive issues.
|
|
|
|
Please make sure to update to the latest version and
|
|
check if that solves the issue. Let us know if that works for you
|
|
by leaving a comment 👍
|
|
|
|
This issue has now been marked as stale and will be closed if no
|
|
further activity occurs. Thanks!
|
|
stale-pr-label: 'stale'
|
|
exempt-pr-labels: 'no-stale'
|
|
stale-pr-message: >
|
|
There hasn't been any activity on this pull request recently. This
|
|
pull request has been automatically marked as stale because of that
|
|
and will be closed if no further activity occurs within 7 days.
|
|
Thank you for your contributions.
|