Browse Source
Lock down workflow permissions. (#19406)
Co-authored-by: Joel Challis <git@zvecr.com>
pull/19408/head
Nick Brassel
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with
41 additions and
4 deletions
-
.github/workflows/api.yml
-
.github/workflows/auto_approve.yml
-
.github/workflows/auto_tag.yml
-
.github/workflows/cli.yml
-
.github/workflows/develop_update.yml
-
.github/workflows/docs.yml
-
.github/workflows/feature_branch_update.yml
-
.github/workflows/format.yml
-
.github/workflows/format_push.yml
-
.github/workflows/labeler.yml
-
.github/workflows/lint.yml
-
.github/workflows/stale.yml
-
.github/workflows/unit_test.yml
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: Update API Data |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: read |
|
|
|
|
|
|
|
on: |
|
|
|
push: |
|
|
|
branches: |
|
|
|
|
|
@ -1,5 +1,7 @@ |
|
|
|
name: Automatic Approve |
|
|
|
|
|
|
|
permissions: {} |
|
|
|
|
|
|
|
on: |
|
|
|
schedule: |
|
|
|
- cron: "*/5 * * * *" |
|
|
|
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: Essential files modified |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: write |
|
|
|
|
|
|
|
on: |
|
|
|
push: |
|
|
|
branches: |
|
|
|
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: CLI CI |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: read |
|
|
|
|
|
|
|
on: |
|
|
|
push: |
|
|
|
branches: |
|
|
|
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: Update develop after master merge |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: write |
|
|
|
|
|
|
|
on: |
|
|
|
push: |
|
|
|
branches: |
|
|
|
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: Generate Docs |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: write |
|
|
|
|
|
|
|
on: |
|
|
|
push: |
|
|
|
branches: |
|
|
|
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: Update feature branches after develop merge |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: write |
|
|
|
|
|
|
|
on: |
|
|
|
push: |
|
|
|
branches: |
|
|
|
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: PR Lint Format |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: read |
|
|
|
|
|
|
|
on: |
|
|
|
pull_request: |
|
|
|
paths: |
|
|
|
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: Lint Format |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: read |
|
|
|
|
|
|
|
on: |
|
|
|
push: |
|
|
|
branches: |
|
|
|
|
|
@ -1,5 +1,9 @@ |
|
|
|
name: "Pull Request Labeler" |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: read |
|
|
|
pull-requests: write |
|
|
|
|
|
|
|
on: |
|
|
|
pull_request_target: |
|
|
|
types: [opened, synchronize, reopened, ready_for_review, locked] |
|
|
|
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: PR Lint keyboards |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: read |
|
|
|
|
|
|
|
on: |
|
|
|
pull_request: |
|
|
|
paths: |
|
|
|
|
|
@ -1,13 +1,14 @@ |
|
|
|
name: 'Close stale issues and PRs' |
|
|
|
on: |
|
|
|
schedule: |
|
|
|
- cron: '30 1 * * *' |
|
|
|
workflow_dispatch: |
|
|
|
|
|
|
|
permissions: |
|
|
|
issues: write |
|
|
|
pull-requests: write |
|
|
|
|
|
|
|
on: |
|
|
|
schedule: |
|
|
|
- cron: '30 1 * * *' |
|
|
|
workflow_dispatch: |
|
|
|
|
|
|
|
jobs: |
|
|
|
stale: |
|
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
@ -1,5 +1,8 @@ |
|
|
|
name: Unit Tests |
|
|
|
|
|
|
|
permissions: |
|
|
|
contents: read |
|
|
|
|
|
|
|
on: |
|
|
|
push: |
|
|
|
branches: |
|
|
|