mirror of
https://github.com/mikefarah/yq.git
synced 2026-06-29 08:38:48 +00:00
fix: add least-privilege token permissions to GitHub workflows (OSSF)
Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/1b5db5e2-af78-4289-a6e0-2e972fc68ef1 Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
This commit is contained in:
parent
e2feebb221
commit
2cbd0b3350
2
.github/workflows/codeql.yml
vendored
2
.github/workflows/codeql.yml
vendored
@ -20,6 +20,8 @@ on:
|
||||
schedule:
|
||||
- cron: '24 3 * * 1'
|
||||
|
||||
permissions: {}
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
|
||||
5
.github/workflows/docker-release.yml
vendored
5
.github/workflows/docker-release.yml
vendored
@ -7,12 +7,17 @@ on:
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
permissions: {}
|
||||
|
||||
jobs:
|
||||
publishDocker:
|
||||
environment: dockerhub
|
||||
env:
|
||||
IMAGE_NAME: mikefarah/yq
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
|
||||
|
||||
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@ -5,6 +5,8 @@ on:
|
||||
- 'v4.*'
|
||||
- 'draft-*'
|
||||
|
||||
permissions: {}
|
||||
|
||||
jobs:
|
||||
publishGitRelease:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
4
.github/workflows/snap-release.yml
vendored
4
.github/workflows/snap-release.yml
vendored
@ -7,10 +7,14 @@ on:
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
permissions: {}
|
||||
|
||||
jobs:
|
||||
buildSnap:
|
||||
environment: snap
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
- uses: snapcore/action-build@3bdaa03e1ba6bf59a65f84a751d943d549a54e79 # v1.3.0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user