diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml
index de6b2adc72..9cbe69bfdd 100644
--- a/.github/workflows/pa11y.yml
+++ b/.github/workflows/pa11y.yml
@@ -15,6 +15,9 @@ env:
 FORCE_COLOR: 2
 NODE: 24

+permissions:
+ contents: read
+
 jobs:
 pa11y:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/publish-nuget.yml b/.github/workflows/publish-nuget.yml
index 3157068941..01ef66fdda 100644
--- a/.github/workflows/publish-nuget.yml
+++ b/.github/workflows/publish-nuget.yml
@@ -4,6 +4,9 @@ on:
 release:
 types: [published]

+permissions:
+ contents: read
+
 jobs:
 package-nuget:
 runs-on: windows-latest
diff --git a/.github/workflows/update-pr-approved.yml b/.github/workflows/update-pr-approved.yml
index d6be5ccfa8..5579f12191 100644
--- a/.github/workflows/update-pr-approved.yml
+++ b/.github/workflows/update-pr-approved.yml
@@ -4,6 +4,9 @@ on:
 types:
 - submitted

+permissions:
+ contents: read
+
 jobs:
 move_card_to_next_review:
 if: github.event.review.state == 'approved'
diff --git a/.github/workflows/update-pr-desc-links.yml b/.github/workflows/update-pr-desc-links.yml
index 6eb49ec753..7c298990a6 100644
--- a/.github/workflows/update-pr-desc-links.yml
+++ b/.github/workflows/update-pr-desc-links.yml
@@ -4,6 +4,9 @@ on:
 types:
 - opened

+permissions:
+ contents: read
+
 jobs:
 track_pr:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/update-pr-design-a11y-approved.yml b/.github/workflows/update-pr-design-a11y-approved.yml
index eca726a949..387471c374 100644
--- a/.github/workflows/update-pr-design-a11y-approved.yml
+++ b/.github/workflows/update-pr-design-a11y-approved.yml
@@ -5,6 +5,9 @@ on:
 - labeled
 - unlabeled

+permissions:
+ contents: read
+
 jobs:
 design_or_a11y_approved:
 if: (contains(github.event.*.labels.*.name, 'passed a11y review') || contains(github.event.*.labels.*.name, 'passed design review')) && !(contains(github.event.*.labels.*.name, 'ready for a11y review') || contains(github.event.*.labels.*.name, 'ready for design review'))
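Review bot: With only `contents: read` granted at workflow level, every other `GITHUB_TOKEN` scope drops to `none` for `move_card_to_next_review` in `update-pr-approved.yml`, and the same block is added to `update-pr-desc-links.yml`, `update-pr-design-a11y-approved.yml`, `update-pr-ready-review.yml`, `update-pr-review-in-progress.yml` and `publish-nuget.yml`. The job steps lie outside these hunks, so the credential they use is not visible; judging by the job and file names they appear to update pull requests or review cards, and any step doing that with `GITHUB_TOKEN` would now be refused. If that is the case, the grant belongs on the affected job only, e.g. `permissions:` followed by `pull-requests: write` under that job, with the workflow-level block left read-only. If the steps authenticate with a separate secret, a comment above the block such as `# GITHUB_TOKEN stays read-only; PR and card updates use a dedicated token` would record why nothing more is needed. For `publish-nuget.yml` the equivalent check is whether `package-nuget` attaches anything to the release, which would need `contents: write` on that job.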
diff --git a/.github/workflows/update-pr-ready-review.yml b/.github/workflows/update-pr-ready-review.yml
index 0faec46aeb..43c601b197 100644
--- a/.github/workflows/update-pr-ready-review.yml
+++ b/.github/workflows/update-pr-ready-review.yml
@@ -6,6 +6,9 @@ on:
 - opened
 - reopened

+permissions:
+ contents: read
+
 jobs:
 move_card_to_need_dev_review:
 if: github.event.pull_request.draft == false
diff --git a/.github/workflows/update-pr-review-in-progress.yml b/.github/workflows/update-pr-review-in-progress.yml
index 82ed1a59bc..d915bd6d0d 100644
--- a/.github/workflows/update-pr-review-in-progress.yml
+++ b/.github/workflows/update-pr-review-in-progress.yml
@@ -4,6 +4,9 @@ on:
 types:
 - submitted

+permissions:
+ contents: read
+
 jobs:
 move_card_to_dev_review_in_progress:
 if: ${{ github.event.pull_request.draft == false && github.event.review.state == 'changes_requested' && github.actor != vars.LEAD_DEV_GH_USERNAME && github.actor != vars.A11Y_REVIEWER_GH_USERNAME }}
diff --git a/README.md b/README.md
index 772e015141..487bc1ea4e 100644
--- a/README.md
+++ b/README.md
@@ -58,6 +58,7 @@ Read the [Getting started page](https://web.unified-design-system.orange.com/doc
 [![JS gzip size](https://img.badgesize.io/Orange-OpenSource/Orange-Boosted-Bootstrap/ouds/main/dist/js/ouds-web.min.js?compression=gzip&label=JS%20gzip%20size)](https://github.com/Orange-OpenSource/Orange-Boosted-Bootstrap/blob/ouds/main/dist/js/ouds-web.min.js)
 [![JS Brotli size](https://img.badgesize.io/Orange-OpenSource/Orange-Boosted-Bootstrap/ouds/main/dist/js/ouds-web.min.js?compression=brotli&label=JS%20Brotli%20size)](https://github.com/Orange-OpenSource/Orange-Boosted-Bootstrap/blob/ouds/main/dist/js/ouds-web.min.js)
 [![JSDelivr](https://data.jsdelivr.com/v1/package/npm/@ouds/web-common/badge)](https://www.jsdelivr.com/package/npm/@ouds/web-common)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Orange-OpenSource/Orange-Boosted-Bootstrap/badge)](https://scorecard.dev/viewer/?uri=github.com/Orange-OpenSource/Orange-Boosted-Bootstrap)

 ## What’s included