
Lock down workflow permissions. (#19406)

Co-authored-by: Joel Challis <git@zvecr.com>
pull/19408/head
Nick Brassel 1 year ago
committed by GitHub
parent
commit
f75ac6042e
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 41 additions and 4 deletions
  1. +3
    -0
      .github/workflows/api.yml
  2. +2
    -0
      .github/workflows/auto_approve.yml
  3. +3
    -0
      .github/workflows/auto_tag.yml
  4. +3
    -0
      .github/workflows/cli.yml
  5. +3
    -0
      .github/workflows/develop_update.yml
  6. +3
    -0
      .github/workflows/docs.yml
  7. +3
    -0
      .github/workflows/feature_branch_update.yml
  8. +3
    -0
      .github/workflows/format.yml
  9. +3
    -0
      .github/workflows/format_push.yml
  10. +4
    -0
      .github/workflows/labeler.yml
  11. +3
    -0
      .github/workflows/lint.yml
  12. +5
    -4
      .github/workflows/stale.yml
  13. +3
    -0
      .github/workflows/unit_test.yml

+ 3
- 0
.github/workflows/api.yml

@ -1,5 +1,8 @@
name: Update API Data
permissions:
contents: read
on:
push:
branches:


+ 2
- 0
.github/workflows/auto_approve.yml

@ -1,5 +1,7 @@
name: Automatic Approve
permissions: {}
on:
schedule:
- cron: "*/5 * * * *"
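Review bot: The new `permissions: {}` line under `name:` has no explanation, and an empty map removes every scope from this workflow's GITHUB_TOKEN. For a workflow named Automatic Approve, that presumably means the approval is submitted with a separate credential in the jobs, which are outside this hunk. A comment such as `# GITHUB_TOKEN intentionally has no scopes; approval uses a separate token` would keep a later change from widening this block just to make a failing step pass. It is also worth confirming that the other credential is limited to what the approval needs, since this block does not constrain it.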


+ 3
- 0
.github/workflows/auto_tag.yml

@ -1,5 +1,8 @@
name: Essential files modified
permissions:
contents: write
on:
push:
branches:
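Review bot: `contents: write` is granted at workflow level here, so every job and every third-party action in the file receives a token that can push to the repository, not only the step that creates the tag. If the write is confined to one job, the top-level block could stay at `contents: read`, with `permissions: {contents: write}` set on that job alone. The jobs are outside this hunk, so this needs checking against the full file. The same applies to the `contents: write` blocks added in develop_update.yml, docs.yml and feature_branch_update.yml.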


+ 3
- 0
.github/workflows/cli.yml

@ -1,5 +1,8 @@
name: CLI CI
permissions:
contents: read
on:
push:
branches:


+ 3
- 0
.github/workflows/develop_update.yml

@ -1,5 +1,8 @@
name: Update develop after master merge
permissions:
contents: write
on:
push:
branches:


+ 3
- 0
.github/workflows/docs.yml

@ -1,5 +1,8 @@
name: Generate Docs
permissions:
contents: write
on:
push:
branches:


+ 3
- 0
.github/workflows/feature_branch_update.yml

@ -1,5 +1,8 @@
name: Update feature branches after develop merge
permissions:
contents: write
on:
push:
branches:


+ 3
- 0
.github/workflows/format.yml

@ -1,5 +1,8 @@
name: PR Lint Format
permissions:
contents: read
on:
pull_request:
paths:


+ 3
- 0
.github/workflows/format_push.yml

@ -1,5 +1,8 @@
name: Lint Format
permissions:
contents: read
on:
push:
branches:


+ 4
- 0
.github/workflows/labeler.yml

@ -1,5 +1,9 @@
name: "Pull Request Labeler"
permissions:
contents: read
pull-requests: write
on:
pull_request_target:
types: [opened, synchronize, reopened, ready_for_review, locked]
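Review bot: The `pull-requests: write` grant sits on a `pull_request_target` trigger, which runs in the base repository's context even for pull requests from forks, and nothing in the file says so. The two scopes look proportionate for a labeler, but the combination is only safe if the jobs never check out or execute the pull request's head. The jobs are outside this hunk, so that needs confirming against the full file. I would add a comment above the block, e.g. `# pull_request_target: runs with the base repo's token; never check out or run PR head code here`.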


+ 3
- 0
.github/workflows/lint.yml

@ -1,5 +1,8 @@
name: PR Lint keyboards
permissions:
contents: read
on:
pull_request:
paths:


+ 5
- 4
.github/workflows/stale.yml

@ -1,13 +1,14 @@
name: 'Close stale issues and PRs'
on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:
permissions:
issues: write
pull-requests: write
on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:
jobs:
stale:
runs-on: ubuntu-latest


+ 3
- 0
.github/workflows/unit_test.yml

@ -1,5 +1,8 @@
name: Unit Tests
permissions:
contents: read
on:
push:
branches:

