Merge pull request #4533 from turrisxyz/Pinned-Dependencies-GitHub

chore: Set permissions for GitHub actions
2025-04-22 04:57:07 -04:00 · 2022-05-30 04:15:47 +03:00 · 2022-05-30 04:15:47 +03:00 · 52ea940265
commit 52ea940265
parent d74662bfd7 355b358fe2
3 changed files with 15 additions and 0 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -9,8 +9,15 @@ on:
  schedule:
    - cron: '0 16 * * 3'

+permissions:
+  contents: read
+
 jobs:
  analyze:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
    name: Analyze
    runs-on: ubuntu-latest

--- a/.github/workflows/dockerimage.yml
+++ b/.github/workflows/dockerimage.yml
@ -5,6 +5,9 @@ on:
    branches:
      - master

+permissions:
+  contents: read
+
 jobs:

  build:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -5,8 +5,13 @@ on:
    branches:
      - master

+permissions:
+  contents: read
+
 jobs:
  release:
+    permissions:
+      contents: write  # for helm/chart-releaser-action to push chart release and create a release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout