mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-17 11:57:12 +03:00
Explicit permissions for github actions
To improve OSSF Scorecard score on Scorecard repo
parent
007156b1d3
commit
682e6ea176
6
.github/workflows/codeql-analysis.yml
vendored
6
.github/workflows/codeql-analysis.yml
vendored
@ -35,11 +35,13 @@ on:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
statuses: write
|
||||
security-events: write
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
permissions:
|
||||
actions: read # for github/codeql-action/init to get workflow details
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/autobuild to send a status report
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
|
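Review bot: The workflow-level `permissions:` block above `jobs:` is shown with `statuses: write` and `security-events: write` next to `contents: read`, and this rendering has lost the +/- markers, so it is not clear whether those two write scopes are still on the new side. If they are, they should be dropped so the top level is only `permissions:` / `contents: read`: the `analyze` job's own block already replaces the workflow-level grant for that job, and any job added later would otherwise inherit the write scopes by default. Separately, the comment on the job-level `security-events: write` names only autobuild's status report; assuming the job also runs the analyze step (outside this hunk), `security-events: write # for github/codeql-action to upload code scanning results` would describe the grant more completely.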
3
.github/workflows/docker.yml
vendored
3
.github/workflows/docker.yml
vendored
@ -12,6 +12,9 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
name: docker-build
|
||||
on:
|
||||
push:
|
||||
|
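Review bot: `permissions:` is placed above `name: docker-build` here, while the same commit puts it after `name:` in main.yml and after `on:` in goreleaser.yaml; using one position in every workflow (after `on:` is the usual place) makes it easier to audit which files still lack the block. A short comment such as `# default for every job; a job that needs more declares its own permissions block` would also record the intent. The jobs are outside this hunk, so whether any step needs more than `contents: read` (for example to push an image with the workflow token) cannot be confirmed from here.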
7
.github/workflows/goreleaser.yaml
vendored
7
.github/workflows/goreleaser.yaml
vendored
@ -19,11 +19,14 @@ on:
|
||||
tags:
|
||||
- "*" # triggers only if push new tag version, like `0.8.4` or else
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
goreleaser:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
contents: write # for goreleaser/goreleaser-action to create a GitHub release
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
|
||||
|
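Review bot: The job-level `contents: write` applies to every step in `goreleaser`, not only to the release action named in its comment, so build and checkout steps also run with a token that can write to the repository. If the job checks out the code with actions/checkout (the steps continue outside this hunk), adding `persist-credentials: false` under that step's `with:` keeps the write token out of `.git/config` for the later build steps. The rendering also shows `runs-on: ubuntu-latest` and `contents: write` twice under the job; this is presumably the old and new position of the same line, but the new file should be checked to make sure it holds each key only once.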
4
.github/workflows/main.yml
vendored
4
.github/workflows/main.yml
vendored
@ -13,6 +13,10 @@
|
||||
# limitations under the License.
|
||||
|
||||
name: build
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
|