Skip to content

Commit 49c90b1

Browse files
dblinkhorndblinkhorn
authored
docs(multiple-actions): move permissions to job level in workflows (#969)
docs(multiple-actions): move permissions to job level in workflow examples
1 parent 6b7528b commit 49c90b1

File tree

14 files changed

+41
-61
lines changed

14 files changed

+41
-61
lines changed

actions/aws-auth/README.md

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -11,13 +11,11 @@ name: Authenticate to AWS
1111
on:
1212
pull_request:
1313

14-
permissions:
15-
id-token: write
16-
1714
jobs:
1815
build:
1916
runs-on: ubuntu-latest
20-
17+
permissions:
18+
id-token: write
2119
steps:
2220
- id: aws-auth
2321
uses: grafana/shared-workflows/actions/[email protected]

actions/build-push-to-dockerhub/README.md

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,14 +12,12 @@ name: Push to DockerHub
1212
on:
1313
pull_request:
1414

15-
permissions:
16-
contents: read
17-
id-token: write
18-
1915
jobs:
2016
build:
2117
runs-on: ubuntu-latest
22-
18+
permissions:
19+
contents: read
20+
id-token: write
2321
steps:
2422
- id: checkout
2523
uses: actions/checkout@v4

actions/dockerhub-login/README.md

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,14 +12,12 @@ name: Push to DockerHub
1212
on:
1313
pull_request:
1414

15-
permissions:
16-
contents: read
17-
id-token: write
18-
1915
jobs:
2016
build:
2117
runs-on: ubuntu-latest
22-
18+
permissions:
19+
contents: read
20+
id-token: write
2321
steps:
2422
- name: Login to DockerHub
2523
uses: grafana/shared-workflows/actions/[email protected]

actions/find-pr-for-commit/README.md

Lines changed: 9 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -38,12 +38,11 @@ on:
3838
branches:
3939
- main
4040

41-
permissions:
42-
contents: read
43-
pull-requests: read
44-
4541
jobs:
4642
comment-on-pr-for-commit:
43+
permissions:
44+
contents: read
45+
pull-requests: read
4746
steps:
4847
- name: Find PR for current commit
4948
id: find-pr
@@ -61,12 +60,11 @@ on:
6160
branches:
6261
- main
6362

64-
permissions:
65-
contents: read
66-
pull-requests: read
67-
6863
jobs:
6964
comment-on-pr-for-commit:
65+
permissions:
66+
contents: read
67+
pull-requests: read
7068
steps:
7169
- name: Find PR for specific commit
7270
id: find-pr
@@ -86,12 +84,11 @@ on:
8684
branches:
8785
- main
8886

89-
permissions:
90-
contents: read
91-
pull-requests: read
92-
9387
jobs:
9488
comment-on-pr-for-commit:
89+
permissions:
90+
contents: read
91+
pull-requests: read
9592
steps:
9693
- name: Find PR for named revision
9794
id: find-pr

actions/generate-openapi-clients/README.md

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -28,12 +28,11 @@ on:
2828
branches:
2929
- main
3030

31-
permissions:
32-
contents: write # Only needed if `commit-changes` is set to true
33-
3431
jobs:
3532
build-and-publish:
3633
runs-on: ubuntu-latest
34+
permissions:
35+
contents: write # Only needed if `commit-changes` is set to true
3736
steps:
3837
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v1.0.1
3938
with:

actions/login-to-gar/README.md

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -11,15 +11,13 @@ name: CI
1111
on:
1212
pull_request:
1313

14-
# These permissions are needed to assume roles from Github's OIDC.
15-
permissions:
16-
contents: read
17-
id-token: write
18-
1914
jobs:
2015
login:
2116
runs-on: ubuntu-latest
22-
17+
# These permissions are needed to assume roles from Github's OIDC.
18+
permissions:
19+
contents: read
20+
id-token: write
2321
steps:
2422
- uses: grafana/shared-workflows/actions/[email protected]
2523
id: login-to-gar

actions/login-to-gcs/README.md

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,13 +15,12 @@ on:
1515
branches:
1616
- main
1717

18-
permissions:
19-
contents: read
20-
id-token: write
21-
2218
jobs:
2319
login-to-gcs:
2420
name: login-to-gcs
21+
permissions:
22+
contents: read
23+
id-token: write
2524
steps:
2625
- uses: grafana/shared-workflows/actions/[email protected]
2726
id: login-to-gcs

actions/push-to-gar-docker/README.md

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,13 @@ name: CI
1515
on:
1616
pull_request:
1717

18-
# These permissions are needed to assume roles from Github's OIDC.
19-
permissions:
20-
contents: read
21-
id-token: write
22-
2318
jobs:
2419
build-and-push:
2520
runs-on: ubuntu-latest
26-
21+
# These permissions are needed to assume roles from Github's OIDC.
22+
permissions:
23+
contents: read
24+
id-token: write
2725
steps:
2826
- id: checkout
2927
uses: actions/checkout@v4

actions/push-to-gcs/README.md

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -18,14 +18,13 @@ on:
1818
branches:
1919
- main
2020

21-
permissions:
22-
contents: read
23-
id-token: write
24-
2521
jobs:
2622
upload-to-gcs:
2723
name: upload
2824
runs-on: ubuntu-x64-small
25+
permissions:
26+
contents: read
27+
id-token: write
2928
steps:
3029
- uses: actions/checkout@v4
3130
with:

actions/remove-checkout-credentials/README.md

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -6,18 +6,16 @@ For `actions/checkout` it is recommended to pass the `persist-credentials: false
66

77
## Example
88

9-
```
9+
```yaml
1010
name: CI
1111
on:
1212
pull_request: {}
1313

14-
permissions:
15-
contents: read
16-
1714
jobs:
1815
build:
1916
runs-on: ubuntu-latest
20-
17+
permissions:
18+
contents: read
2119
steps:
2220
- uses: actions/checkout@v4
2321
with:

0 commit comments

Comments
 (0)