]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 76a7c63)
ci: tighten several GHActions a bit more
authorEvgeny Vereshchagin <evvers@ya.ru>
Sat, 13 Nov 2021 14:40:20 +0000 (14:40 +0000)
committerEvgeny Vereshchagin <evvers@ya.ru>
Sat, 13 Nov 2021 19:17:21 +0000 (22:17 +0300)
with https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions

.github/workflows/build_test.yml patch | blob | blame | history
.github/workflows/cifuzz.yml patch | blob | blame | history
.github/workflows/coverity.yml patch | blob | blame | history
.github/workflows/labeler.yml patch | blob | blame | history
.github/workflows/linter.yml patch | blob | blame | history
.github/workflows/mkosi.yml patch | blob | blame | history
.github/workflows/unit_tests.yml patch | blob | blame | history

diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 5f2959871b2cfe06b984ff6129ce0a58e08beecf..c446fc41ba169704aae64d3e0d8c15586c2f3106 100644 (file)
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -12,6 +12,8 @@ on:
       - 'src/**'
       - 'test/fuzz/**'
 
+permissions: read-all
+
 jobs:
   build:
     runs-on: ubuntu-20.04
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index 2b5dba17570b4bceafd22a68f18f0b935e00d7a7..6c02b1da1e5063eef44e68703777bdeced5aa2cf 100644 (file)
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -4,6 +4,9 @@
 # See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
 
 name: CIFuzz
+
+permissions: read-all
+
 on:
   pull_request:
     paths:
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index c43041f37d403fa76c4fb921a5a2e1a269008cb1..7b1d1217f38078503f948cbd85c0fca2ee351c72 100644 (file)
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -9,6 +9,8 @@ on:
     # Run Coverity daily at midnight
     - cron:  '0 0 * * *'
 
+permissions: read-all
+
 jobs:
   build:
     runs-on: ubuntu-20.04
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index ee238c2fa713c4a57692d685c8a504decf4186f4..800f8877a3f616d685092110a7ff3e5f48174a27 100644 (file)
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -7,6 +7,10 @@ name: "Pull Request Labeler"
 on:
 - pull_request_target
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   triage:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index cd23fd1946a838f9387e702cde2729a8d28b455c..3905b7a6438203d2ac2674b737a2594fc09ddc58 100644 (file)
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -10,6 +10,8 @@ on:
       - main
       - v[0-9]+-stable
 
+permissions: read-all
+
 jobs:
   build:
     name: Lint Code Base
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 7f8e98fcc7d4bc426ecf5e47c8edf89897bc965e..533c8be968018581b9bc8925dd63c76c8a714d04 100644 (file)
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -14,6 +14,8 @@ on:
       - main
       - v[0-9]+-stable
 
+permissions: read-all
+
 jobs:
   ci:
     runs-on: ubuntu-20.04
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index 844784eff1d7958648b8c25ce443a8b9cd2c91d4..3f37fe866bc0a3776b8dd5a5ae02d426ff6264cb 100644 (file)
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -9,6 +9,8 @@ on:
       - main
       - v[0-9]+-stable
 
+permissions: read-all
+
 jobs:
   build:
     runs-on: ubuntu-20.04
Unnamed repository; edit this file 'description' to name the repository.