ci: add default action permissions (#36363)
* [StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> * Delete dependabot.yml Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
parent
bd345358f6
commit
517225b99e
3 changed files with 12 additions and 0 deletions
3
.github/workflows/electron_woa_testing.yml
vendored
|
@ -10,6 +10,9 @@ on:
|
|||
type: text
|
||||
required: true
|
||||
|
||||
permissions: # added using https://github.com/step-security/secure-workflows
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
electron-woa-init:
|
||||
if: ${{ github.event_name == 'push' && github.repository == 'electron/electron' }}
|
||||
|
|
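Review bot: The comment on the new top-level `permissions:` line records which tool generated the block, not what the block does, and the same comment is repeated in issue-labeled.yml and in the third hunk (`@ -7,6 +7,9 @@`). A reader should learn that this is the workflow-wide default and that every scope not listed becomes `none`; I would replace the comment with `# least privilege: GITHUB_TOKEN is read-only by default; jobs that need more declare their own permissions`. The jobs of this workflow continue outside the hunk, so it is worth confirming that none of them relies on a write scope (for example `checks` or `pull-requests`) that this default now removes. If one does, it needs a job-level block like the one in issue-labeled.yml.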
6
.github/workflows/issue-labeled.yml
vendored
|
@ -4,8 +4,14 @@ on:
|
|||
issues:
|
||||
types: [labeled]
|
||||
|
||||
permissions: # added using https://github.com/step-security/secure-workflows
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
issue-labeled:
|
||||
permissions:
|
||||
issues: write # for actions-cool/issues-helper to update issues
|
||||
pull-requests: write # for actions-cool/issues-helper to update PRs
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: blocked/need-repro
|
||||
|
|
|
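Review bot: `pull-requests: write` on the `issue-labeled` job looks broader than this workflow needs, because the only trigger visible is `issues` with `types: [labeled]`, which GitHub fires for issues and not for pull requests. If the steps, which continue outside the hunk, only comment on or close the labeled issue, the job block can be reduced to `issues: write`. A job-level `permissions` block also replaces the workflow default rather than adding to it, so `contents` is `none` for this job; that is fine unless a later step checks out the repository.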
@ -7,6 +7,9 @@ on:
|
|||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
permissions: # added using https://github.com/step-security/secure-workflows
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
check_tag:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
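Review bot: The workflow-level `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` directly above the new block still exports the token to every step of every job, so the read-only default added here is the only thing limiting what those steps can do with it. I would set the variable only on the steps that call the API, with `env:` under the step rather than at the top of the file. It is also worth checking whether any job after `check_tag`, outside the hunk, writes with this token, because it would now be refused until it gets its own job-level `permissions`. The file header for this hunk is not shown on the page, so the file name could not be confirmed.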