aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-04-04 10:47:27 -0400
committerGitHub <noreply@github.com>2022-04-04 10:47:27 -0400
commitaecb2023d240b69690f35721efcee7d724eba3f5 (patch)
treee34509595ef6dbb47a19bc234f94f7027239245f
parent0e3a704f69b53246ff770aba3a1258a6c2d35ba0 (diff)
parent6375a85055b4472846445a37464851429edfa447 (diff)
downloadpodman-aecb2023d240b69690f35721efcee7d724eba3f5.tar.gz
podman-aecb2023d240b69690f35721efcee7d724eba3f5.tar.bz2
podman-aecb2023d240b69690f35721efcee7d724eba3f5.zip
Merge pull request #13724 from naveensrinivasan/naveen/feat/set-perms-actions
[CI:DOCS] Set permissions for GitHub actions
-rw-r--r--.github/workflows/check_cirrus_cron.yml3
-rw-r--r--.github/workflows/issue-labeler.yml6
-rw-r--r--.github/workflows/pr-title.yml5
3 files changed, 14 insertions, 0 deletions
diff --git a/.github/workflows/check_cirrus_cron.yml b/.github/workflows/check_cirrus_cron.yml
index 5704b0b9d..bca77e4d9 100644
--- a/.github/workflows/check_cirrus_cron.yml
+++ b/.github/workflows/check_cirrus_cron.yml
@@ -25,6 +25,9 @@ env:
# (must be in $GITHUB_WORKSPACE/artifacts/)
NAME_ID_FILEPATH: './artifacts/name_id.txt'
+permissions:
+ contents: read
+
jobs:
cron_failures:
runs-on: ubuntu-latest
diff --git a/.github/workflows/issue-labeler.yml b/.github/workflows/issue-labeler.yml
index 18fff7f7c..afebc7fca 100644
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -3,8 +3,14 @@ on:
issues:
types: [opened, edited]
+permissions:
+ contents: read
+
jobs:
triage:
+ permissions:
+ contents: read # for github/issue-labeler to get repo contents
+ issues: write # for github/issue-labeler to create or remove labels
runs-on: ubuntu-latest
steps:
- uses: github/issue-labeler@3ae0e4623c1fda729347ae0d8f1c2e52302ef4c6 # v2.0
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index 2b57392ce..66599a86d 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -7,8 +7,13 @@ on:
branches:
- "!master" # causes errors; reason unknown
+permissions:
+ contents: read
+
jobs:
update_pr:
+ permissions:
+ pull-requests: write # for tzkhan/pr-update-action to update PRs
runs-on: ubuntu-latest
steps:
- uses: tzkhan/pr-update-action@bbd4c9395df8a9c4ef075b8b7fe29f2ca76cdca9 # v2