File tree 5 files changed +41
-0
lines changed
5 files changed +41
-0
lines changed Original file line number Diff line number Diff line change @@ -4,6 +4,10 @@ concurrency:
4
4
group : ${{ github.workflow }}-${{ github.ref }}
5
5
cancel-in-progress : true
6
6
7
+ # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
8
+ permissions :
9
+ contents : read
10
+
7
11
on :
8
12
push :
9
13
branches :
@@ -146,6 +150,9 @@ jobs:
146
150
147
151
release :
148
152
runs-on : ubuntu-latest
153
+ permissions :
154
+ # required to create GitHub release
155
+ contents : write
149
156
needs :
150
157
- artifact
151
158
- test
@@ -187,6 +194,11 @@ jobs:
187
194
188
195
image :
189
196
runs-on : ubuntu-latest
197
+ permissions :
198
+ # same as global permissions
199
+ contents : read
200
+ # required to push to GHCR
201
+ packages : write
190
202
needs :
191
203
- artifact
192
204
- test
Original file line number Diff line number Diff line change @@ -4,6 +4,10 @@ concurrency:
4
4
group : ${{ github.workflow }}-${{ github.ref }}
5
5
cancel-in-progress : true
6
6
7
+ # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
8
+ permissions :
9
+ contents : read
10
+
7
11
on :
8
12
push :
9
13
branches :
19
23
jobs :
20
24
codeql :
21
25
runs-on : ubuntu-latest
26
+ permissions :
27
+ # same as global permissions
28
+ contents : read
29
+ # required for code scanning
30
+ security-events : write
22
31
steps :
23
32
-
24
33
name : Checkout
Original file line number Diff line number Diff line change @@ -4,6 +4,10 @@ concurrency:
4
4
group : ${{ github.workflow }}-${{ github.ref }}
5
5
cancel-in-progress : true
6
6
7
+ # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
8
+ permissions :
9
+ contents : read
10
+
7
11
on :
8
12
workflow_dispatch :
9
13
push :
18
22
jobs :
19
23
publish :
20
24
runs-on : ubuntu-latest
25
+ permissions :
26
+ # required to push to gh-pages
27
+ contents : write
21
28
steps :
22
29
-
23
30
name : Checkout
Original file line number Diff line number Diff line change @@ -4,6 +4,10 @@ concurrency:
4
4
group : ${{ github.workflow }}-${{ github.ref }}
5
5
cancel-in-progress : true
6
6
7
+ # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
8
+ permissions :
9
+ contents : read
10
+
7
11
on :
8
12
push :
9
13
branches :
Original file line number Diff line number Diff line change @@ -4,6 +4,10 @@ concurrency:
4
4
group : ${{ github.workflow }}-${{ github.ref }}
5
5
cancel-in-progress : true
6
6
7
+ # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
8
+ permissions :
9
+ contents : read
10
+
7
11
on :
8
12
push :
9
13
branches :
19
23
jobs :
20
24
labeler :
21
25
runs-on : ubuntu-latest
26
+ permissions :
27
+ # same as global permissions
28
+ contents : read
29
+ # required to update labels
30
+ issues : write
22
31
steps :
23
32
-
24
33
name : Checkout
You can’t perform that action at this time.
0 commit comments