Skip to content

Commit 7cbf54b

Browse files
jack-edmonds-ddjack-edmonds-dd
authored
Set more specific permissions for workflows. (#283)
1 parent 753312d commit 7cbf54b

9 files changed

+39
-0
lines changed

.github/workflows/approved_status.yml

+4
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,9 @@
11
name: Send PR Approval Status
22

3+
permissions:
4+
contents: read
5+
pull-requests: write
6+
37
on:
48
pull_request:
59
branches:

.github/workflows/changelog.yml

+5
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,9 @@
11
name: "Ensure labels"
2+
3+
permissions:
4+
contents: read
5+
pull-requests: read
6+
27
on: # yamllint disable-line rule:truthy
38
pull_request:
49
types:

.github/workflows/labeler.yml

+5
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,9 @@
11
name: "Pull Request Labeler and Checker"
2+
3+
permissions:
4+
contents: read
5+
pull-requests: write
6+
27
on:
38
- pull_request
49

.github/workflows/prepare_release.yml

+4
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,9 @@
11
name: Prepare release
22

3+
permissions:
4+
contents: write
5+
pull-requests: write
6+
37
env:
48
GIT_AUTHOR_EMAIL: "[email protected]"
59
GIT_AUTHOR_NAME: "ci.datadog-api-spec"

.github/workflows/publish.yml

+5
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,10 @@
11
name: Publish
22

3+
permissions:
4+
contents: write
5+
attestations: write
6+
pull-requests: write
7+
38
on:
49
release:
510
types:

.github/workflows/release.yml

+4
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,9 @@
11
name: Release
22

3+
permissions:
4+
contents: write
5+
pull-requests: write
6+
37
on:
48
pull_request:
59
types: [closed]

.github/workflows/stale.yml

+6
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,12 @@
11
# Configuration for https://github.com/actions/stale
22

33
name: "Stale issues and pull requests"
4+
5+
permissions:
6+
contents: write
7+
issues: write
8+
pull-requests: write
9+
410
on:
511
schedule:
612
- cron: "0 0 * * *"

.github/workflows/test.yml

+3
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,8 @@
11
name: Run Tests
22

3+
permissions:
4+
contents: read
5+
36
env:
47
GIT_AUTHOR_EMAIL: "[email protected]"
58
GIT_AUTHOR_NAME: "ci.datadog-api-spec"

.github/workflows/test_integration.yml

+3
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,8 @@
11
name: Run Integration Tests
22

3+
permissions:
4+
contents: read
5+
36
on:
47
pull_request:
58
branches:

0 commit comments

Comments
 (0)