diff --git a/.github/workflows/check-eol-newrelease.yml b/.github/workflows/check-eol-newrelease.yml index e820534bc..c87095138 100644 --- a/.github/workflows/check-eol-newrelease.yml +++ b/.github/workflows/check-eol-newrelease.yml @@ -9,6 +9,10 @@ on: jobs: check-eol-newrelease: runs-on: ubuntu-latest + permissions: + contents: read + issues: write + if: github.repository == 'line/line-bot-sdk-nodejs' steps: - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/close-issue.yml b/.github/workflows/close-issue.yml index 31e4ad3a3..2a97a46cf 100644 --- a/.github/workflows/close-issue.yml +++ b/.github/workflows/close-issue.yml @@ -11,6 +11,7 @@ jobs: permissions: issues: write pull-requests: write + if: github.repository == 'line/line-bot-sdk-nodejs' steps: - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: diff --git a/.github/workflows/create-draft-release.yml b/.github/workflows/create-draft-release.yml index 75165a83b..5d4aebf4f 100644 --- a/.github/workflows/create-draft-release.yml +++ b/.github/workflows/create-draft-release.yml @@ -26,6 +26,7 @@ on: jobs: validate-input: runs-on: ubuntu-latest + permissions: {} steps: - name: Validate Acknowledgement if: ${{ github.event.inputs.acknowledge_draft != 'Yes' }} @@ -41,7 +42,8 @@ jobs: create-draft-release: runs-on: ubuntu-latest needs: validate-input - + permissions: + contents: write steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Fetch Latest Release diff --git a/.github/workflows/deploy-doc.yml b/.github/workflows/deploy-doc.yml index 0a00eb56b..3651c3b10 100644 --- a/.github/workflows/deploy-doc.yml +++ b/.github/workflows/deploy-doc.yml @@ -4,11 +4,6 @@ on: workflow_call: workflow_dispatch: -permissions: - contents: read - pages: write - id-token: write - concurrency: group: pages cancel-in-progress: false @@ -16,6 +11,10 @@ concurrency: jobs: build: runs-on: ubuntu-latest + permissions: + contents: read + pages: write + issues: write steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 @@ -61,6 +60,10 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} needs: [build] runs-on: ubuntu-latest + permissions: + pages: write + id-token: write + issues: write name: Deploy steps: - name: Deploy to GitHub Pages diff --git a/.github/workflows/generate-code.yml b/.github/workflows/generate-code.yml index 1665fd343..001e17851 100644 --- a/.github/workflows/generate-code.yml +++ b/.github/workflows/generate-code.yml @@ -11,7 +11,9 @@ jobs: tests: name: Generate OpenAPI based code runs-on: ubuntu-latest - + permissions: + contents: write + pull-requests: write steps: # Setup - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 076315e23..0e90f4091 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,12 +10,11 @@ on: jobs: release-package: + runs-on: ubuntu-latest permissions: contents: read id-token: write issues: write - - runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Setup .npmrc file to publish to GitHub Packages diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 43c9c4d9e..949576d2b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,9 +7,9 @@ on: jobs: build: - runs-on: ubuntu-latest - + permissions: + contents: read strategy: matrix: # https://nodejs.org/en/about/releases/ diff --git a/line-openapi b/line-openapi index 9dec0f842..cc542e3cf 160000 --- a/line-openapi +++ b/line-openapi @@ -1 +1 @@ -Subproject commit 9dec0f8428ed1f422e718ed4e51b917d92fb9046 +Subproject commit cc542e3cf99e2f0be68507ef5d5fde47d9fae5f9