Commit be69626

Add permissions to all GitHub actions
1 parent f1dce88 commit be69626

12 files changed

+30
-11
lines changed

.github/workflows/build-private.yml

Lines changed: 3 additions & 0 deletions
@@ -10,13 +10,16 @@ on:
1010
- '.github/workflows/build-private.yml'
1111
- 'docker/prod/**'
1212
workflow_dispatch:
13+
permissions:
14+
contents: read
1315

1416
name: Build - Private
1517
jobs:
1618
build:
1719
runs-on: ubuntu-latest
1820
timeout-minutes: 20
1921

22+
2023
steps:
2124
- name: "Check out code"
2225
uses: actions/checkout@v4
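
Review bot: The blank line added at new line 22 leaves two empty lines between `timeout-minutes: 20` and `steps:`; it looks like an unrelated whitespace change and should be dropped. `permissions:` at new line 13 also sits directly under `workflow_dispatch:` with no separating blank line, so at a glance it reads as part of the `on:` block; add a blank line before it, as build-public.yml does. Only the checkout step is visible in this hunk, so please confirm that no later step of this private build pushes with `GITHUB_TOKEN`, because declaring `contents: read` sets every other scope to none.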

.github/workflows/build-public.yml

Lines changed: 6 additions & 10 deletions
@@ -11,6 +11,12 @@ on:
1111
- 'docker/prod/**'
1212
workflow_dispatch:
1313

14+
permissions:
15+
packages: write
16+
contents: read
17+
attestations: write
18+
id-token: write
19+
1420
env:
1521
DOCKERHUB_REPO: solidtime/solidtime
1622
GHCR_REPO: ghcr.io/solidtime-io/solidtime
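
Review bot: Hoisting `packages: write`, `attestations: write` and `id-token: write` to workflow level (new lines 14-18) grants those scopes to every job in this workflow, including any job added later, whereas the two job-level blocks this commit removes further down in the file scoped them to the jobs that declared them. Prefer a top-level `permissions:` with only `contents: read` and keep the write scopes on the individual jobs, so a new job starts read-only by default.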
@@ -26,11 +32,6 @@ jobs:
2632
- runs-on: "ubuntu-24.04"
2733
platform: "linux/amd64"
2834
runs-on: ${{ matrix.runs-on }}
29-
permissions:
30-
packages: write
31-
contents: read
32-
attestations: write
33-
id-token: write
3435
timeout-minutes: 90
3536

3637
steps:
@@ -163,11 +164,6 @@ jobs:
163164

164165
merge:
165166
runs-on: ubuntu-latest
166-
permissions:
167-
packages: write
168-
contents: read
169-
attestations: write
170-
id-token: write
171167
timeout-minutes: 90
172168
needs:
173169
- build

.github/workflows/generate-api-docs.yml

Lines changed: 3 additions & 0 deletions
@@ -3,6 +3,9 @@ on:
33
push:
44
branches:
55
- main
6+
permissions:
7+
contents: read
8+
69
jobs:
710
api_docs:
811
runs-on: ubuntu-latest
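
Review bot: `contents: read` at new lines 6-7 sets every other token scope to none, and the body of `api_docs` is outside this hunk. If that job commits the generated docs back or publishes them with `GITHUB_TOKEN`, it will start failing on pushes to `main`; in that case add the required write scope on the job itself rather than widening the workflow-level block.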

.github/workflows/npm-build.yml

Lines changed: 2 additions & 0 deletions
@@ -1,6 +1,8 @@
11
name: NPM Build
22

33
on: [push]
4+
permissions:
5+
contents: read
46

57
jobs:
68
build:

.github/workflows/npm-lint.yml

Lines changed: 2 additions & 0 deletions
@@ -1,6 +1,8 @@
11
name: NPM Lint
22

33
on: [push]
4+
permissions:
5+
contents: read
46

57
jobs:
68
build:

.github/workflows/npm-publish-api.yml

Lines changed: 2 additions & 0 deletions
@@ -1,6 +1,8 @@
11
name: Publish API package to NPM
22
on:
33
workflow_dispatch
4+
permissions:
5+
contents: read
46
jobs:
57
build:
68
runs-on: ubuntu-latest
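
Review bot: For a publish workflow, `contents: read` alone (new lines 4-5) is sufficient only if the publish step authenticates with an npm token taken from secrets. If the package is published with provenance, the job also needs `id-token: write`, and the publish steps are not visible in this hunk to confirm either way. The same question applies to the identical change in npm-publish-ui.yml.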

.github/workflows/npm-publish-ui.yml

Lines changed: 2 additions & 0 deletions
@@ -1,6 +1,8 @@
11
name: Publish UI package to NPM
22
on:
33
workflow_dispatch
4+
permissions:
5+
contents: read
46
jobs:
57
build:
68
runs-on: ubuntu-latest

.github/workflows/npm-typecheck.yml

Lines changed: 2 additions & 1 deletion
@@ -1,7 +1,8 @@
11
name: NPM Typecheck
22

33
on: [push]
4-
4+
permissions:
5+
contents: read
56
jobs:
67
build:
78
runs-on: ubuntu-latest
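
Review bot: The blank line that separated the workflow header from `jobs:` is lost here: old line 4 is replaced rather than kept, so `contents: read` at new line 5 runs straight into `jobs:`. Keep an empty line before `jobs:`, as npm-build.yml and npm-lint.yml do in this same commit.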

.github/workflows/phpstan.yml

Lines changed: 2 additions & 0 deletions
@@ -1,5 +1,7 @@
11
name: Static code analysis (PHPStan)
22
on: push
3+
permissions:
4+
contents: read
35
jobs:
46
phpstan:
57
runs-on: ubuntu-latest

.github/workflows/phpunit.yml

Lines changed: 2 additions & 0 deletions
@@ -1,5 +1,7 @@
11
name: PHPUnit Tests
22
on: push
3+
permissions:
4+
contents: read
35
jobs:
46
phpunit:
57
runs-on: ubuntu-latest
