Lock down workflow permissions. (qmk#19406)
Co-authored-by: Joel Challis <[email protected]>
2 people authored and ideas32 committed Jan 25, 2023
1 parent 7c60f54 commit 0c6e687
Showing 13 changed files with 41 additions and 4 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/api.yml
@@ -1,5 +1,8 @@
name: Update API Data

permissions:
contents: read

on:
push:
branches:
2 changes: 2 additions & 0 deletions .github/workflows/auto_approve.yml
@@ -1,5 +1,7 @@
name: Automatic Approve

permissions: {}

on:
schedule:
- cron: "*/5 * * * *"
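Review bot: `permissions: {}` leaves this workflow's GITHUB_TOKEN with no scopes, and nothing in the hunk records which credential the approval step uses instead. The jobs section is outside the hunk, so this is inferred, but a workflow that approves pull requests on a five-minute cron presumably authenticates with a separate repository secret, which this key does not constrain. I would add a comment above the key, such as `# GITHUB_TOKEN is intentionally scopeless; approval uses a separate secret (see jobs)`, and confirm that secret is scoped no wider than approving requires.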
3 changes: 3 additions & 0 deletions .github/workflows/auto_tag.yml
@@ -1,5 +1,8 @@
name: Essential files modified

permissions:
contents: write

on:
push:
branches:
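Review bot: `contents: write` is granted at workflow level here, so every job and step in the file, including any third-party action, receives a token that can push to the repository. The same applies to develop_update.yml, docs.yml and feature_branch_update.yml in this commit. The jobs are outside the hunk, but if only one job actually pushes, the narrower form is a top-level `contents: read` with `permissions:` / `contents: write` declared on that job alone. A one-line comment saying what the write scope is for (tag push, branch merge, docs publish) would also make later audits easier.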
3 changes: 3 additions & 0 deletions .github/workflows/cli.yml
@@ -1,5 +1,8 @@
name: CLI CI

permissions:
contents: read

on:
push:
branches:
3 changes: 3 additions & 0 deletions .github/workflows/develop_update.yml
@@ -1,5 +1,8 @@
name: Update develop after master merge

permissions:
contents: write

on:
push:
branches:
3 changes: 3 additions & 0 deletions .github/workflows/docs.yml
@@ -1,5 +1,8 @@
name: Generate Docs

permissions:
contents: write

on:
push:
branches:
3 changes: 3 additions & 0 deletions .github/workflows/feature_branch_update.yml
@@ -1,5 +1,8 @@
name: Update feature branches after develop merge

permissions:
contents: write

on:
push:
branches:
3 changes: 3 additions & 0 deletions .github/workflows/format.yml
@@ -1,5 +1,8 @@
name: PR Lint Format

permissions:
contents: read

on:
pull_request:
paths:
3 changes: 3 additions & 0 deletions .github/workflows/format_push.yml
@@ -1,5 +1,8 @@
name: Lint Format

permissions:
contents: read

on:
push:
branches:
4 changes: 4 additions & 0 deletions .github/workflows/labeler.yml
@@ -1,5 +1,9 @@
name: "Pull Request Labeler"

permissions:
contents: read
pull-requests: write

on:
pull_request_target:
types: [opened, synchronize, reopened, ready_for_review, locked]
3 changes: 3 additions & 0 deletions .github/workflows/lint.yml
@@ -1,5 +1,8 @@
name: PR Lint keyboards

permissions:
contents: read

on:
pull_request:
paths:
9 changes: 5 additions & 4 deletions .github/workflows/stale.yml
@@ -1,13 +1,14 @@
name: 'Close stale issues and PRs'
on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:

permissions:
issues: write
pull-requests: write

on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:

jobs:
stale:
runs-on: ubuntu-latest
3 changes: 3 additions & 0 deletions .github/workflows/unit_test.yml
@@ -1,5 +1,8 @@
name: Unit Tests

permissions:
contents: read

on:
push:
branches:
