diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json new file mode 100644 index 00000000..d58b251b --- /dev/null +++ b/.github/linters/.jscpd.json @@ -0,0 +1,6 @@ +{ + "ignore": [ + "**/charts/atlantis/templates/**", + "**/charts/atlantis/tests/**" + ] +} diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 849efcc9..fe8f6f0a 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -10,6 +10,8 @@ defaults: run: shell: bash +permissions: read-all + jobs: lint-test: runs-on: ubuntu-latest diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index 1afec691..36427bd8 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -5,18 +5,21 @@ name: Lint Code Base on: pull_request: - paths: - - 'charts/atlantis/**' + +permissions: read-all jobs: build: name: Lint Code Base runs-on: ubuntu-latest + permissions: + statuses: write steps: - name: Checkout Code uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Lint Code Base uses: github/super-linter@v6 env: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7f85d0b0..ad9cc041 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,9 +7,13 @@ on: paths: - 'charts/atlantis/**' +permissions: read-all + jobs: release: runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index c989d769..a45b01d3 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -2,9 +2,15 @@ name: Close Stale PRs on: schedule: - cron: '30 1 * * *' + +permissions: read-all + jobs: stale: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write steps: - uses: actions/stale@v9 with: