1 Commits

Author SHA1 Message Date
HarithaVattikuti 7e1dc83f30 Add permission section 2025-01-16 08:36:04 -06:00
3 changed files with 9 additions and 17 deletions
-14
View File
@@ -1,14 +0,0 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
# Enable version updates for GitHub Actions
- package-ecosystem: 'github-actions'
# Workflow files stored in the default location of `.github/workflows`
# You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.
directory: '/'
schedule:
interval: 'weekly'
+1 -3
View File
@@ -62,9 +62,7 @@ jobs:
- name: Test
run: npm test
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Audit packages
run: npm audit --audit-level=high
if: ${{inputs.enable-audit}}
if: ${{inputs.enable-audit}}
+8
View File
@@ -74,7 +74,15 @@ basic-validation-call:
with:
enable-audit: false
```
## Recommended permissions
When using the `reusable-workflows` in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
```yaml
permissions:
contents: read # access to read repository's content
actions: read # access to reading actions
```
## License
The scripts and documentation in this project are released under the [MIT License](LICENSE.txt)