diff options
author | naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> | 2022-03-30 20:32:28 +0000 |
---|---|---|
committer | naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> | 2022-03-30 20:36:23 +0000 |
commit | 9cacc18c951d4497b5979f96d829c86ca41f777f (patch) | |
tree | 5e3848aa4891a4ff4b1ebd5f4e062d2acb58f042 | |
parent | 3c75c4a54cba6a1949e53c4386447120b7ddb5a9 (diff) | |
download | podman-9cacc18c951d4497b5979f96d829c86ca41f777f.tar.gz podman-9cacc18c951d4497b5979f96d829c86ca41f777f.tar.bz2 podman-9cacc18c951d4497b5979f96d829c86ca41f777f.zip |
Set permissions for GitHub actions
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
-rw-r--r-- | .github/workflows/check_cirrus_cron.yml | 3 | ||||
-rw-r--r-- | .github/workflows/issue-labeler.yml | 6 | ||||
-rw-r--r-- | .github/workflows/pr-title.yml | 5 |
3 files changed, 14 insertions, 0 deletions
diff --git a/.github/workflows/check_cirrus_cron.yml b/.github/workflows/check_cirrus_cron.yml index 5704b0b9d..bca77e4d9 100644 --- a/.github/workflows/check_cirrus_cron.yml +++ b/.github/workflows/check_cirrus_cron.yml @@ -25,6 +25,9 @@ env: # (must be in $GITHUB_WORKSPACE/artifacts/) NAME_ID_FILEPATH: './artifacts/name_id.txt' +permissions: + contents: read + jobs: cron_failures: runs-on: ubuntu-latest diff --git a/.github/workflows/issue-labeler.yml b/.github/workflows/issue-labeler.yml index 18fff7f7c..afebc7fca 100644 --- a/.github/workflows/issue-labeler.yml +++ b/.github/workflows/issue-labeler.yml @@ -3,8 +3,14 @@ on: issues: types: [opened, edited] +permissions: + contents: read + jobs: triage: + permissions: + contents: read # for github/issue-labeler to get repo contents + issues: write # for github/issue-labeler to create or remove labels runs-on: ubuntu-latest steps: - uses: github/issue-labeler@3ae0e4623c1fda729347ae0d8f1c2e52302ef4c6 # v2.0 diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 2b57392ce..66599a86d 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -7,8 +7,13 @@ on: branches: - "!master" # causes errors; reason unknown +permissions: + contents: read + jobs: update_pr: + permissions: + pull-requests: write # for tzkhan/pr-update-action to update PRs runs-on: ubuntu-latest steps: - uses: tzkhan/pr-update-action@bbd4c9395df8a9c4ef075b8b7fe29f2ca76cdca9 # v2 |