diff options
| author |  Ashcon Partovi <ashcon@partovi.net>
| 2023-09-26 17:08:06 -0700 |
|---|---|---|
| committer | Ashcon Partovi <ashcon@partovi.net>
| 2023-09-26 17:08:11 -0700 |
| commit | 1bf36cf123b0722f344f600244a53ed16041a0fd (patch) | |
| tree | 4f4d2b8a0640a458e9592e1ddae94fd1372b24d1 | |
| parent | d060474f3a05a50f8424348e7e381a0af8324c8b (diff) | |
| download | bun-1bf36cf123b0722f344f600244a53ed16041a0fd.tar.gz bun-1bf36cf123b0722f344f600244a53ed16041a0fd.tar.zst bun-1bf36cf123b0722f344f600244a53ed16041a0fd.zip | |
Fix github workflow permissions
| -rw-r--r-- | .github/workflows/bun-release-canary.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/bun-release.yml | 16 |
2 files changed, 20 insertions, 4 deletions
diff --git a/.github/workflows/bun-release-canary.yml b/.github/workflows/bun-release-canary.yml index e9d9f4339..aaaf3d48e 100644 --- a/.github/workflows/bun-release-canary.yml +++ b/.github/workflows/bun-release-canary.yml @@ -9,6 +9,8 @@ jobs: name: Sign Release runs-on: ubuntu-latest if: github.repository_owner == 'oven-sh' + permissions: + contents: write defaults: run: working-directory: packages/bun-release @@ -42,6 +44,8 @@ jobs: runs-on: ubuntu-latest needs: sign if: github.repository_owner == 'oven-sh' + permissions: + contents: read defaults: run: working-directory: packages/bun-release @@ -68,6 +72,8 @@ jobs: runs-on: ubuntu-latest needs: sign if: github.repository_owner == 'oven-sh' + permissions: + contents: read strategy: matrix: variant: @@ -118,6 +124,8 @@ jobs: runs-on: ubuntu-latest needs: sign if: github.repository_owner == 'oven-sh' + permissions: + contents: read defaults: run: working-directory: packages/bun-release diff --git a/.github/workflows/bun-release.yml b/.github/workflows/bun-release.yml index ab08246e0..294a41ea6 100644 --- a/.github/workflows/bun-release.yml +++ b/.github/workflows/bun-release.yml @@ -13,9 +13,10 @@ on: jobs: sign: name: Sign Release - permissions: write-all runs-on: ubuntu-latest if: github.repository_owner == 'oven-sh' + permissions: + contents: write defaults: run: working-directory: packages/bun-release @@ -54,9 +55,10 @@ jobs: npm: name: Release to NPM runs-on: ubuntu-latest - permissions: write-all needs: sign if: github.repository_owner == 'oven-sh' + permissions: + contents: read defaults: run: working-directory: packages/bun-release @@ -90,6 +92,8 @@ jobs: runs-on: ubuntu-latest needs: sign if: github.repository_owner == 'oven-sh' + permissions: + contents: read defaults: run: working-directory: packages/bun-types @@ -133,6 +137,8 @@ jobs: runs-on: ubuntu-latest needs: sign if: github.repository_owner == 'oven-sh' + permissions: + contents: read strategy: matrix: variant: @@ -191,10 +197,11 @@ jobs: BUN_VERSION=${{ env.TAG }} homebrew: name: Release to Homebrew - permissions: write-all runs-on: ubuntu-latest needs: sign if: github.repository_owner == 'oven-sh' + permissions: + contents: read steps: - id: checkout name: Checkout @@ -235,9 +242,10 @@ jobs: s3: name: Upload to S3 runs-on: ubuntu-latest - permissions: write-all needs: sign if: github.repository_owner == 'oven-sh' + permissions: + contents: read defaults: run: working-directory: packages/bun-release |