ci: add default action permissions (#36363)
* [StepSecurity] Apply security best practices

  Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

* Delete dependabot.yml

  Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
parent
bd345358f6
commit
517225b99e
3 changed files with 12 additions and 0 deletions
3
.github/workflows/electron_woa_testing.yml
vendored
|
@ -10,6 +10,9 @@ on:
|
||||||
type: text
|
type: text
|
||||||
required: true
|
required: true
|
||||||
|
|
||||||
|
permissions: # added using https://github.com/step-security/secure-workflows
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
electron-woa-init:
|
electron-woa-init:
|
||||||
if: ${{ github.event_name == 'push' && github.repository == 'electron/electron' }}
|
if: ${{ github.event_name == 'push' && github.repository == 'electron/electron' }}
|
||||||
|
|
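Review bot: The new workflow-level `permissions: contents: read` in electron_woa_testing.yml removes every other scope from `GITHUB_TOKEN` for all jobs in the file, and unlike issue-labeled.yml no job here receives its own grant. The steps of `electron-woa-init` and any later jobs are outside the hunk, so they should be checked for calls that write checks, statuses or comments with the default token; if one exists, add a job-level block (for example `permissions:` with `checks: write`) beside the job's `if:` rather than widening the top-level default. The same check applies to the `check_tag` workflow in the last hunk (`@ -7,6 +7,9`), which exports `GITHUB_TOKEN` through a workflow-level `env:` to every step. The trailing comment records which tool added the block; a reason such as `# default to read-only; jobs opt in to write scopes` would tell the next maintainer more.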
6
.github/workflows/issue-labeled.yml
vendored
|
@ -4,8 +4,14 @@ on:
|
||||||
issues:
|
issues:
|
||||||
types: [labeled]
|
types: [labeled]
|
||||||
|
|
||||||
|
permissions: # added using https://github.com/step-security/secure-workflows
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
issue-labeled:
|
issue-labeled:
|
||||||
|
permissions:
|
||||||
|
issues: write # for actions-cool/issues-helper to update issues
|
||||||
|
pull-requests: write # for actions-cool/issues-helper to update PRs
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: blocked/need-repro
|
- name: blocked/need-repro
|
||||||
|
|
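Review bot: `pull-requests: write` on the `issue-labeled` job looks broader than the trigger requires: the workflow runs only on `issues` with `types: [labeled]`, so unless a step outside this hunk edits pull requests, `issues: write` alone should be sufficient. A job-level `permissions` block also replaces the workflow-level one instead of extending it, so this job's token carries no `contents` scope; add `contents: read` to the job if any step checks out the repository. Because the write scopes exist for a third-party action (actions-cool/issues-helper), its `uses:` line, which is not visible here, should reference a full commit SHA rather than a mutable tag.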
|
@ -7,6 +7,9 @@ on:
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
|
permissions: # added using https://github.com/step-security/secure-workflows
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check_tag:
|
check_tag:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|