-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: Write perms should be as tightly scoped as possible. (#107)
* Add a dependabot file to keep deps up to date Signed-off-by: Justin Abrahms <[email protected]> * Move write permissions to the specific job, rather than globally Signed-off-by: Justin Abrahms <[email protected]> * Run code scanning (slow auto-build) weekly Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Justin Abrahms <[email protected]>
- Loading branch information
1 parent
6eeeddd
commit 29f3293
Showing
4 changed files
with
59 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| version: 2 | ||
| updates: | ||
|
|
||
| # Maintain dependencies for GitHub Actions | ||
| - package-ecosystem: "github-actions" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "weekly" | ||
|
|
||
| # Maintain dependencies for npm | ||
| - package-ecosystem: "maven" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "weekly" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| name: "Code Scanning - Action" | ||
|
|
||
| # Docs for this at https://github.com/github/codeql-action#usage | ||
|
|
||
| on: | ||
| schedule: | ||
| # ┌───────────── minute (0 - 59) | ||
| # │ ┌───────────── hour (0 - 23) | ||
| # │ │ ┌───────────── day of the month (1 - 31) | ||
| # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) | ||
| # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) | ||
| # │ │ │ │ │ | ||
| # │ │ │ │ │ | ||
| # │ │ │ │ │ | ||
| # * * * * * | ||
| - cron: '30 1 * * 1' | ||
|
|
||
| jobs: | ||
| CodeQL-Build: | ||
| # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest | ||
| runs-on: ubuntu-latest | ||
|
|
||
| permissions: | ||
| # required for all workflows | ||
| security-events: write | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v3 | ||
|
|
||
| # Initializes the CodeQL tools for scanning. | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v2 | ||
| with: | ||
| languages: java | ||
|
|
||
| - name: Autobuild | ||
| uses: github/codeql-action/autobuild@v2 | ||
|
|
||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v2 |