mfulz_github/qmk_firmware
1
0
Fork 1
mirror of https://github.com/mfulz/qmk_firmware.git synced 2025-10-31 21:32:31 +01:00
Code Issues Projects Releases Wiki Activity

Lock down workflow permissions. (#19406)

Browse Source 
Co-authored-by: Joel Challis <git@zvecr.com>
This commit is contained in:
Nick Brassel 2022-12-23 10:41:16 +11:00 committed by GitHub
parent b8a9de206d
commit f75ac6042e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 41 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/api.yml vendored
View File

@ -1,5 +1,8 @@
name: Update API Data name: Update API Data
permissions:
contents: read
on: on:
push: push:
branches: branches:

2
.github/workflows/auto_approve.yml vendored
View File

@ -1,5 +1,7 @@
name: Automatic Approve name: Automatic Approve
permissions: {}
on: on:
schedule: schedule:
- cron: "*/5 * * * *" - cron: "*/5 * * * *"

3
.github/workflows/auto_tag.yml vendored
View File

@ -1,5 +1,8 @@
name: Essential files modified name: Essential files modified
permissions:
contents: write
on: on:
push: push:
branches: branches:

3
.github/workflows/cli.yml vendored
View File

@ -1,5 +1,8 @@
name: CLI CI name: CLI CI
permissions:
contents: read
on: on:
push: push:
branches: branches:

3
.github/workflows/develop_update.yml vendored
View File

@ -1,5 +1,8 @@
name: Update develop after master merge name: Update develop after master merge
permissions:
contents: write
on: on:
push: push:
branches: branches:

3
.github/workflows/docs.yml vendored
View File

@ -1,5 +1,8 @@
name: Generate Docs name: Generate Docs
permissions:
contents: write
on: on:
push: push:
branches: branches:

3
.github/workflows/feature_branch_update.yml vendored
View File

@ -1,5 +1,8 @@
name: Update feature branches after develop merge name: Update feature branches after develop merge
permissions:
contents: write
on: on:
push: push:
branches: branches:

3
.github/workflows/format.yml vendored
View File

@ -1,5 +1,8 @@
name: PR Lint Format name: PR Lint Format
permissions:
contents: read
on: on:
pull_request: pull_request:
paths: paths:

3
.github/workflows/format_push.yml vendored
View File

@ -1,5 +1,8 @@
name: Lint Format name: Lint Format
permissions:
contents: read
on: on:
push: push:
branches: branches:

4
.github/workflows/labeler.yml vendored
View File

@ -1,5 +1,9 @@
name: "Pull Request Labeler" name: "Pull Request Labeler"
permissions:
contents: read
pull-requests: write
on: on:
pull_request_target: pull_request_target:
types: [opened, synchronize, reopened, ready_for_review, locked] types: [opened, synchronize, reopened, ready_for_review, locked]

3
.github/workflows/lint.yml vendored
View File

@ -1,5 +1,8 @@
name: PR Lint keyboards name: PR Lint keyboards
permissions:
contents: read
on: on:
pull_request: pull_request:
paths: paths:

9
.github/workflows/stale.yml vendored
View File

@ -1,13 +1,14 @@
name: 'Close stale issues and PRs' name: 'Close stale issues and PRs'
on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:
permissions: permissions:
issues: write issues: write
pull-requests: write pull-requests: write
on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:
jobs: jobs:
stale: stale:
runs-on: ubuntu-latest runs-on: ubuntu-latest

3
.github/workflows/unit_test.yml vendored
View File

@ -1,5 +1,8 @@
name: Unit Tests name: Unit Tests
permissions:
contents: read
on: on:
push: push:
branches: branches: