summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornaveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>2022-03-30 20:32:28 +0000
committernaveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>2022-03-30 20:36:23 +0000
commit9cacc18c951d4497b5979f96d829c86ca41f777f (patch)
tree5e3848aa4891a4ff4b1ebd5f4e062d2acb58f042
parent3c75c4a54cba6a1949e53c4386447120b7ddb5a9 (diff)
downloadpodman-9cacc18c951d4497b5979f96d829c86ca41f777f.tar.gz
podman-9cacc18c951d4497b5979f96d829c86ca41f777f.tar.bz2
podman-9cacc18c951d4497b5979f96d829c86ca41f777f.zip
Set permissions for GitHub actions
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
-rw-r--r--.github/workflows/check_cirrus_cron.yml3
-rw-r--r--.github/workflows/issue-labeler.yml6
-rw-r--r--.github/workflows/pr-title.yml5
3 files changed, 14 insertions, 0 deletions
diff --git a/.github/workflows/check_cirrus_cron.yml b/.github/workflows/check_cirrus_cron.yml
index 5704b0b9d..bca77e4d9 100644
--- a/.github/workflows/check_cirrus_cron.yml
+++ b/.github/workflows/check_cirrus_cron.yml
@@ -25,6 +25,9 @@ env:
# (must be in $GITHUB_WORKSPACE/artifacts/)
NAME_ID_FILEPATH: './artifacts/name_id.txt'
+permissions:
+ contents: read
+
jobs:
cron_failures:
runs-on: ubuntu-latest
diff --git a/.github/workflows/issue-labeler.yml b/.github/workflows/issue-labeler.yml
index 18fff7f7c..afebc7fca 100644
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -3,8 +3,14 @@ on:
issues:
types: [opened, edited]
+permissions:
+ contents: read
+
jobs:
triage:
+ permissions:
+ contents: read # for github/issue-labeler to get repo contents
+ issues: write # for github/issue-labeler to create or remove labels
runs-on: ubuntu-latest
steps:
- uses: github/issue-labeler@3ae0e4623c1fda729347ae0d8f1c2e52302ef4c6 # v2.0
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index 2b57392ce..66599a86d 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -7,8 +7,13 @@ on:
branches:
- "!master" # causes errors; reason unknown
+permissions:
+ contents: read
+
jobs:
update_pr:
+ permissions:
+ pull-requests: write # for tzkhan/pr-update-action to update PRs
runs-on: ubuntu-latest
steps:
- uses: tzkhan/pr-update-action@bbd4c9395df8a9c4ef075b8b7fe29f2ca76cdca9 # v2