CI: Resolve OSSF GitHub token permissions security alert (#2891)
parent
ecac85edd5
commit
888c4cee94
2
.github/workflows/e2e-test.yml
vendored
2
.github/workflows/e2e-test.yml
vendored
@ -2,6 +2,8 @@ name: Test Deployment
|
||||
on:
|
||||
deployment_status:
|
||||
|
||||
permissions: read-all
|
||||
|
||||
jobs:
|
||||
e2eTests:
|
||||
if:
|
||||
|
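Review bot: `permissions: read-all` clears the Scorecard alert but still gives the token read access to every scope, for every job in this workflow. If `e2eTests` only needs to fetch the repository and call the deployed URL, a narrower default would do, for example a `permissions:` block holding just `contents: read`; scopes left out of an explicit block are set to `none`. The same applies to the `read-all` line added in `.github/workflows/test.yml`. The job's steps are outside the hunk, so confirm what they actually use before narrowing.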
15
.github/workflows/empty-issues-closer.yaml
vendored
15
.github/workflows/empty-issues-closer.yaml
vendored
@ -6,6 +6,21 @@ on:
|
||||
- opened
|
||||
- edited
|
||||
|
||||
permissions:
|
||||
actions: read
|
||||
checks: read
|
||||
contents: read
|
||||
deployments: read
|
||||
id-token: read
|
||||
issues: write
|
||||
discussions: read
|
||||
packages: read
|
||||
pages: read
|
||||
pull-requests: read
|
||||
repository-projects: read
|
||||
security-events: read
|
||||
statuses: read
|
||||
|
||||
jobs:
|
||||
closeEmptyIssuesAndTemplates:
|
||||
if: github.repository == 'anuraghazra/github-readme-stats'
|
||||
|
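Review bot: Twelve of the thirteen entries in the new `permissions:` block are `read` grants that `closeEmptyIssuesAndTemplates` most likely does not need, since any scope omitted from an explicit block defaults to `none`. Going by the one write scope chosen, the block could shrink to `issues: write`, plus `contents: read` if a step checks out the repository. `id-token: read` deserves a separate check: as far as I know the documented values for that scope are `write` and `none`, so the line is better dropped than kept. The same thirteen-line block, with a different write scope each time, is added to generate-theme-doc.yml, label-pr.yml, preview-theme.yml, prs-cache-clean.yml, stale-theme-pr-closer.yaml, top-issues-dashboard.yml and update-langs.yaml. The job steps are outside the hunk, so the minimal set needs confirming against them.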
15
.github/workflows/generate-theme-doc.yml
vendored
15
.github/workflows/generate-theme-doc.yml
vendored
@ -6,6 +6,21 @@ on:
|
||||
paths:
|
||||
- "themes/index.js"
|
||||
|
||||
permissions:
|
||||
actions: read
|
||||
checks: read
|
||||
contents: write
|
||||
deployments: read
|
||||
id-token: read
|
||||
issues: read
|
||||
discussions: read
|
||||
packages: read
|
||||
pages: read
|
||||
pull-requests: read
|
||||
repository-projects: read
|
||||
security-events: read
|
||||
statuses: read
|
||||
|
||||
jobs:
|
||||
generateThemeDoc:
|
||||
runs-on: ubuntu-latest
|
||||
|
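Review bot: `contents: write` is granted at workflow level, so any job added to this file later inherits push access to the repository. Keeping the top-level block read-only and putting a `permissions:` block with `contents: write` under `generateThemeDoc` would limit the write token to the job that presumably commits the generated doc. As I understand the Scorecard Token-Permissions check, it still reports top-level write grants, so the alert may not be fully resolved as written. The other workflows in this commit with a top-level write scope (`actions: write` in prs-cache-clean.yml, `issues: write` and `pull-requests: write` elsewhere) could be treated the same way. The job body is outside the hunk.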
15
.github/workflows/label-pr.yml
vendored
15
.github/workflows/label-pr.yml
vendored
@ -2,6 +2,21 @@ name: "Pull Request Labeler"
|
||||
on:
|
||||
- pull_request_target
|
||||
|
||||
permissions:
|
||||
actions: read
|
||||
checks: read
|
||||
contents: read
|
||||
deployments: read
|
||||
id-token: read
|
||||
issues: read
|
||||
discussions: read
|
||||
packages: read
|
||||
pages: read
|
||||
pull-requests: write
|
||||
repository-projects: read
|
||||
security-events: read
|
||||
statuses: read
|
||||
|
||||
jobs:
|
||||
triage:
|
||||
if: github.repository == 'anuraghazra/github-readme-stats'
|
||||
|
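Review bot: This workflow triggers on `pull_request_target`, which runs with the base repository's token even for pull requests from forks, so the `pull-requests: write` grant here is the one in this commit that most needs a guard rail. Nothing in the hunk shows whether `triage` checks out or executes code from the PR head. If it does not, a comment above the trigger would help keep it that way, e.g. `# pull_request_target: runs with base-repo token; never check out or run PR head code here`. The job's steps are outside the hunk.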
15
.github/workflows/preview-theme.yml
vendored
15
.github/workflows/preview-theme.yml
vendored
@ -7,6 +7,21 @@ on:
|
||||
paths:
|
||||
- "themes/index.js"
|
||||
|
||||
permissions:
|
||||
actions: read
|
||||
checks: read
|
||||
contents: read
|
||||
deployments: read
|
||||
id-token: read
|
||||
issues: read
|
||||
discussions: read
|
||||
packages: read
|
||||
pages: read
|
||||
pull-requests: write
|
||||
repository-projects: read
|
||||
security-events: read
|
||||
statuses: read
|
||||
|
||||
jobs:
|
||||
previewTheme:
|
||||
name: Install & Preview
|
||||
|
15
.github/workflows/prs-cache-clean.yml
vendored
15
.github/workflows/prs-cache-clean.yml
vendored
@ -4,6 +4,21 @@ on:
|
||||
types:
|
||||
- closed
|
||||
|
||||
permissions:
|
||||
actions: write
|
||||
checks: read
|
||||
contents: read
|
||||
deployments: read
|
||||
id-token: read
|
||||
issues: read
|
||||
discussions: read
|
||||
packages: read
|
||||
pages: read
|
||||
pull-requests: read
|
||||
repository-projects: read
|
||||
security-events: read
|
||||
statuses: read
|
||||
|
||||
jobs:
|
||||
cleanup:
|
||||
runs-on: ubuntu-latest
|
||||
|
15
.github/workflows/stale-theme-pr-closer.yaml
vendored
15
.github/workflows/stale-theme-pr-closer.yaml
vendored
@ -3,6 +3,21 @@ on:
|
||||
schedule:
|
||||
- cron: "0 0 */7 * *"
|
||||
|
||||
permissions:
|
||||
actions: read
|
||||
checks: read
|
||||
contents: read
|
||||
deployments: read
|
||||
id-token: read
|
||||
issues: read
|
||||
discussions: read
|
||||
packages: read
|
||||
pages: read
|
||||
pull-requests: write
|
||||
repository-projects: read
|
||||
security-events: read
|
||||
statuses: read
|
||||
|
||||
jobs:
|
||||
closeOldThemePrs:
|
||||
if: github.repository == 'anuraghazra/github-readme-stats'
|
||||
|
2
.github/workflows/test.yml
vendored
2
.github/workflows/test.yml
vendored
@ -7,6 +7,8 @@ on:
|
||||
branches:
|
||||
- master
|
||||
|
||||
permissions: read-all
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Perform tests
|
||||
|
15
.github/workflows/top-issues-dashboard.yml
vendored
15
.github/workflows/top-issues-dashboard.yml
vendored
@ -4,6 +4,21 @@ on:
|
||||
- cron: "0 0 */3 * *"
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
actions: read
|
||||
checks: read
|
||||
contents: read
|
||||
deployments: read
|
||||
id-token: read
|
||||
issues: write
|
||||
discussions: read
|
||||
packages: read
|
||||
pages: read
|
||||
pull-requests: write
|
||||
repository-projects: read
|
||||
security-events: read
|
||||
statuses: read
|
||||
|
||||
jobs:
|
||||
showAndLabelTopIssues:
|
||||
if: github.repository == 'anuraghazra/github-readme-stats'
|
||||
|
15
.github/workflows/update-langs.yaml
vendored
15
.github/workflows/update-langs.yaml
vendored
@ -3,6 +3,21 @@ on:
|
||||
schedule:
|
||||
- cron: "0 0 */30 * *"
|
||||
|
||||
permissions:
|
||||
actions: read
|
||||
checks: read
|
||||
contents: read
|
||||
deployments: read
|
||||
id-token: read
|
||||
issues: read
|
||||
discussions: read
|
||||
packages: read
|
||||
pages: read
|
||||
pull-requests: write
|
||||
repository-projects: read
|
||||
security-events: read
|
||||
statuses: read
|
||||
|
||||
jobs:
|
||||
updateLanguages:
|
||||
if: github.repository == 'anuraghazra/github-readme-stats'
|
||||
|
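Review bot: `contents: read` alongside `pull-requests: write` may be too tight if `updateLanguages` pushes a branch with the default token before opening its pull request, because the push needs `contents: write`. The steps are outside the hunk, so this is an inference from the workflow name and the scopes chosen; one scheduled run after the change would confirm it either way. If the push does use `GITHUB_TOKEN`, grant `contents: write` on the `updateLanguages` job rather than at workflow level.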