author | 2022-03-02 07:47:08 -0500 | |
---|---|---|
committer | 2022-03-02 04:47:08 -0800 | |
commit | f5acb9d12adf08ffdb01082c7284679eafb9e920 (patch) | |
tree | ea9a2964c8bab0b750c363d03d2892c800879ccb | |
parent | a1429e1445ecaea07fbb8870c4920087c9bb9b14 (diff) | |
Updated workflow permissions. (#5216)
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 7 | ||||
-rw-r--r-- | .github/workflows/docker.yml | 3 | ||||
-rw-r--r-- | .github/workflows/go.coverage.yml | 3 | ||||
-rw-r--r-- | .github/workflows/go.test.yml | 3 | ||||
-rw-r--r-- | .github/workflows/stale.yml | 6 |
5 files changed, 22 insertions, 0 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 50012f4cc..718035199 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -8,8 +8,15 @@ on:
 schedule:
 - cron: '22 10 * * 4'
 
+permissions:
+ contents: read
+
 jobs:
 analyze:
+ permissions:
+ actions: read # for github/codeql-action/init to get workflow details
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/autobuild to send a status report
 name: Analyze
 runs-on: ubuntu-latest
 
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 824610f30..b2372f444 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -9,6 +9,9 @@ on:
 description: "Release (e.g., v1.9.0)"
 required: true
 
+permissions:
+ contents: read
+
 jobs:
 docker-release:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/go.coverage.yml b/.github/workflows/go.coverage.yml
index 26f74e26a..77980c480 100644
--- a/.github/workflows/go.coverage.yml
+++ b/.github/workflows/go.coverage.yml
@@ -1,5 +1,8 @@
 name: Go Coverage
 on: [pull_request]
+permissions:
+ contents: read
+
 jobs:
 test:
 name: Coverage
diff --git a/.github/workflows/go.test.yml b/.github/workflows/go.test.yml
index 00972dbe3..4b4808e54 100644
--- a/.github/workflows/go.test.yml
+++ b/.github/workflows/go.test.yml
@@ -1,5 +1,8 @@
 name: Go Tests
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 test:
 name: Test
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 17252258d..b96ed6827 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
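Review bot: In .github/workflows/codeql-analysis.yml, the inline comment on `security-events: write` ties the scope to github/codeql-action/autobuild's status report only, which understates why the job needs it. The same scope is what allows the CodeQL action to upload its results to code scanning, so if the steps outside this hunk include github/codeql-action/analyze, a maintainer who later drops autobuild could remove the scope with it and break result uploads. I would word it as `security-events: write # for github/codeql-action to upload results and status reports`. The `analyze` job's steps lie past the end of the hunk, so which CodeQL sub-actions are actually used is not visible here.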
@@ -3,8 +3,14 @@ on:
 schedule:
 - cron: '30 1 * * *'
 
+permissions:
+ contents: read
+
 jobs:
 stale:
+ permissions:
+ issues: write # for actions/stale to close stale issues
+ pull-requests: write # for actions/stale to close stale PRs
 runs-on: ubuntu-latest
 steps:
 - uses: actions/stale@7fb802b3079a276cf3c7e6ba9aa003c665b3f838 |
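Review bot: The job-level `permissions:` under `stale:` replaces the workflow-level block rather than adding to it, so this job's token carries only `issues: write` and `pull-requests: write` and no `contents` scope, unlike the `analyze` job in codeql-analysis.yml where `contents: read` is repeated at job level. That looks intended for a job with no checkout step, but the file should say so, for example `# job-level permissions replace the workflow default; scopes not listed here are none` above the block. The `steps:` list continues past the end of the hunk, so whether any `actions/stale` option configured there needs a further scope cannot be checked from here.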