From 2679b2926cd89e8a7180a0cc85f348ccf80252e4 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Wed, 28 Aug 2024 20:01:56 -0600
Subject: [PATCH] ci: update workflow permissions

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 .github/workflows/build.yaml | 2 ++
 .github/workflows/ci.yaml | 2 ++
 .github/workflows/docker.yaml | 3 +++
 .github/workflows/lint.yaml | 2 ++
 .github/workflows/release.yaml | 4 +++-
 5 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 4aca84ce80..6b6db3ff63 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -14,6 +14,8 @@ jobs:
 ui:
 name: UI
 runs-on: ubuntu-20.04
+ permissions:
+ contents: read
 strategy:
 fail-fast: false
 matrix:
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 3bf5d9ecf1..6916a0a904 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -14,6 +14,8 @@ jobs:
 tests:
 name: Tests
 runs-on: ubuntu-20.04
+ permissions:
+ contents: read
 strategy:
 fail-fast: false
 matrix:
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index ffa30b3493..bf9e88607b 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -18,6 +18,9 @@ jobs:
 name: Push
 runs-on: ubuntu-20.04
 if: "!contains(github.ref, 'develop') || (!contains(github.event.head_commit.message, 'skip docker') && !contains(github.event.head_commit.message, 'docker skip'))"
+ permissions:
+ contents: read
+ packages: write
 steps:
 - name: Code checkout
 uses: actions/checkout@v3
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 68299f21df..e22c7003a9 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -14,6 +14,8 @@ jobs:
 lint:
 name: Lint
 runs-on: ubuntu-20.04
+ permissions:
+ contents: read
 steps:
 - name: Code Checkout
 uses: actions/checkout@v3
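Review bot: The `permissions:` block in build.yaml is added at job level under `ui`, so any other job in this workflow, or one added later, still receives the repository's default GITHUB_TOKEN scopes. A top-level `permissions:` with `contents: read` placed before `jobs:` would make read-only the default for the whole workflow and leave individual jobs to widen it explicitly. The same applies to the `tests` job in ci.yaml and the `lint` job in lint.yaml. The rest of each workflow lies outside these hunks, so whether other jobs exist cannot be confirmed from here.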
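Review bot: The `push` job in docker.yaml now carries `packages: write`, and the `actions/checkout@v3` step directly below keeps the GITHUB_TOKEN in the checkout's local git config by default for the rest of the job. If no later step needs authenticated git access, adding `with:` and `persist-credentials: false` to that checkout step keeps the write-capable token out of the workspace, which is presumably also the image build context. The remaining steps are outside the hunk, so confirm none of them rely on the persisted credential before changing it.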
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index cbbb4b05e7..9bbca812ba 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -9,6 +9,8 @@ jobs:
 release:
 name: Release
 runs-on: ubuntu-20.04
+ permissions:
+ contents: write # write is required to create releases and push.
 steps:
 - name: Code checkout
 uses: actions/checkout@v3
@@ -41,7 +43,7 @@ jobs:
 - name: Create release archive
 run: |
- rm -rf node_modules tests CODE_OF_CONDUCT.md CONTRIBUTING.md flake.lock flake.nix phpunit.xml shell.nix
+ rm -rf node_modules tests CODE_OF_CONDUCT.md CONTRIBUTING.md flake.lock flake.nix phpunit.xml shell.nix
 tar -czf panel.tar.gz * .editorconfig .env.example .eslintignore .eslintrc.js .gitignore .prettierrc.json
 - name: Extract changelog
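Review bot: `contents: write` on the `release` job in the first hunk applies to every step in the job, including the `actions/checkout@v3` step just below it, which is referenced by a mutable tag. With a token that can push and create releases, actions used in this job are better pinned to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha> # v3` (the hash here is a placeholder). The inline comment could also name the steps that need write access, so the scope can be narrowed if those steps move to a separate job. The remaining steps of the job lie outside this hunk.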