workflows: Explicitly set minimal token permissions
This will allow us to set the default token permissions to restricted, and thus avoid accidentally introducing over-privileged new workflows.
This commit is contained in:
Martin Pitt
parent
3508576827
commit
f69d6df1d9
3 changed files with 9 additions and 0 deletions
3
.github/workflows/cockpit-lib-update.yml
vendored
3
.github/workflows/cockpit-lib-update.yml
vendored
|
|
@ -7,6 +7,9 @@ on:
|
||||||
jobs:
|
jobs:
|
||||||
cockpit-lib-update:
|
cockpit-lib-update:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
permissions:
|
||||||
|
pull-requests: write
|
||||||
|
contents: write
|
||||||
steps:
|
steps:
|
||||||
- name: Set up dependencies
|
- name: Set up dependencies
|
||||||
run: |
|
run: |
|
||||||
|
|
|
||||||
3
.github/workflows/npm-update-pf.yml
vendored
3
.github/workflows/npm-update-pf.yml
vendored
|
|
@ -7,6 +7,9 @@ on:
|
||||||
jobs:
|
jobs:
|
||||||
npm-update:
|
npm-update:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
permissions:
|
||||||
|
pull-requests: write
|
||||||
|
contents: write
|
||||||
steps:
|
steps:
|
||||||
- name: Set up dependencies
|
- name: Set up dependencies
|
||||||
run: |
|
run: |
|
||||||
|
|
|
||||||
3
.github/workflows/npm-update.yml
vendored
3
.github/workflows/npm-update.yml
vendored
|
|
@ -7,6 +7,9 @@ on:
|
||||||
jobs:
|
jobs:
|
||||||
npm-update:
|
npm-update:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
permissions:
|
||||||
|
pull-requests: write
|
||||||
|
contents: write
|
||||||
steps:
|
steps:
|
||||||
- name: Set up dependencies
|
- name: Set up dependencies
|
||||||
run: |
|
run: |
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue