Commit 8ddf018

cbruno10 authored and pskrbasu committed
Harden GitHub Actions: pin actions to SHAs and set explicit permissions (#644)
1 parent 217346c commit 8ddf018

5 files changed

Lines changed: 18 additions & 0 deletions

.github/workflows/add-issues-to-pipeling-issue-tracker.yaml

Lines changed: 3 additions & 0 deletions
@@ -4,6 +4,9 @@ on:
44
issues:
55
types: [opened]
66

7+
permissions:
8+
contents: read
9+
710
jobs:
811
add-to-project:
912
uses: turbot/steampipe-workflows/.github/workflows/assign-issue-to-pipeling-issue-tracker.yml@main
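
Review bot: the unchanged line `uses: turbot/steampipe-workflows/.github/workflows/assign-issue-to-pipeling-issue-tracker.yml@main` still tracks the mutable `main` branch, although the commit title says actions are pinned to SHAs. Pin this reusable-workflow reference to a full commit SHA too, or state why it is exempt. Also confirm the called workflow still works under `contents: read`, because the caller's `permissions` block caps the token the reusable workflow receives.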

.github/workflows/buildimage.yml

Lines changed: 3 additions & 0 deletions
@@ -5,6 +5,9 @@ on:
55
tags:
66
- 'v*'
77

8+
permissions:
9+
contents: write
10+
811
env:
912
PROJECT_ID: steampipe
1013
IMAGE_NAME: fdw
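
Review bot: `contents: write` is granted at workflow level, above `env:`, so every job in this tag-triggered workflow receives a token that can modify repository contents. Keep the top-level block at `contents: read` and grant `contents: write` in a `permissions:` block on the one job that needs it, with a short comment saying what the write access is for.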

.github/workflows/publish.yml

Lines changed: 4 additions & 0 deletions
@@ -6,6 +6,10 @@ on:
66
description: "The published release to package as an image(must be prefixed with 'v')"
77
required: true
88

9+
permissions:
10+
contents: read
11+
packages: write
12+
913
env:
1014
PROJECT_ID: steampipe
1115
IMAGE_NAME: fdw
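
Review bot: `packages: write` is set for the whole workflow and nothing in this hunk shows which job or step depends on it. If the image is pushed to GitHub Packages with `GITHUB_TOKEN`, move the scope onto that job and add a comment saying so. If the push goes to another registry with its own credentials, drop `packages: write` and leave only `contents: read`.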

.github/workflows/stale.yml

Lines changed: 5 additions & 0 deletions
@@ -10,6 +10,11 @@ on:
1010
default: "false"
1111
type: string
1212

13+
permissions:
14+
contents: read
15+
issues: write
16+
pull-requests: write
17+
1318
jobs:
1419
stale:
1520
runs-on: ubuntu-latest

.github/workflows/test.yml

Lines changed: 3 additions & 0 deletions
@@ -2,6 +2,9 @@ name: FDW Acceptance Tests
22
on:
33
pull_request:
44

5+
permissions:
6+
contents: read
7+
58
jobs:
69
golangci_lint:
710
name: golangci-lint
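
Review bot: with `permissions:` limited to `contents: read` at the top of this `pull_request` workflow, every scope not listed drops to none for all jobs, including `golangci_lint`. Check that no step in these jobs relies on another scope (for example reading pull request metadata or posting annotations through the API), and where one does, add the extra scope on that job rather than at workflow level.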
