Update starter workflows to specify permissions

This commit is contained in:
eric sciple
2021-03-02 19:59:19 -06:00
parent ffb4bccd2d
commit 6a69f367db
13 changed files with 40 additions and 0 deletions
+3
View File
@@ -5,6 +5,9 @@ on: [pull_request, issues]
jobs:
greeting:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/first-interaction@v1
with:
+3
View File
@@ -12,6 +12,9 @@ jobs:
label:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/labeler@v2
+3
View File
@@ -8,6 +8,9 @@ jobs:
stale:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v3
+4
View File
@@ -44,6 +44,10 @@ jobs:
runs-on: ubuntu-latest
if: github.event_name == 'push'
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
+3
View File
@@ -10,6 +10,9 @@ jobs:
build:
name: Build + Publish
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
+3
View File
@@ -11,6 +11,9 @@ jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
+3
View File
@@ -11,6 +11,9 @@ jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
+3
View File
@@ -35,6 +35,9 @@ jobs:
publish-gpr:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
+3
View File
@@ -24,6 +24,9 @@ jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
strategy:
fail-fast: false
+3
View File
@@ -18,6 +18,9 @@ jobs:
lint:
name: Kubesec
runs-on: ubuntu-20.04
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v2
+3
View File
@@ -37,6 +37,9 @@ jobs:
name: Mayhem for API
# Mayhem for API runs on linux, mac and windows
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@v2
+3
View File
@@ -18,6 +18,9 @@ jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout repository
+3
View File
@@ -17,6 +17,9 @@ jobs:
tfsec:
name: Run tfsec sarif report
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Clone repo