mirror of
https://gitee.com/IrisVega/frp.git
synced 2024-11-01 22:31:29 +08:00
Set least privileged token permission for GitHub Actions (#3155)
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
This commit is contained in:
parent
e5af37bc8c
commit
da51adc276
3
.github/workflows/build-and-push-image.yml
vendored
3
.github/workflows/build-and-push-image.yml
vendored
@ -9,6 +9,9 @@ on:
|
|||||||
description: 'Image tag'
|
description: 'Image tag'
|
||||||
required: true
|
required: true
|
||||||
default: 'test'
|
default: 'test'
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
image:
|
image:
|
||||||
name: Build Image from Dockerfile and binaries
|
name: Build Image from Dockerfile and binaries
|
||||||
|
3
.github/workflows/goreleaser.yml
vendored
3
.github/workflows/goreleaser.yml
vendored
@ -3,6 +3,9 @@ name: goreleaser
|
|||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
goreleaser:
|
goreleaser:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
6
.github/workflows/stale.yml
vendored
6
.github/workflows/stale.yml
vendored
@ -8,8 +8,14 @@ on:
|
|||||||
description: 'In debug mod'
|
description: 'In debug mod'
|
||||||
required: false
|
required: false
|
||||||
default: 'false'
|
default: 'false'
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
stale:
|
stale:
|
||||||
|
permissions:
|
||||||
|
issues: write # for actions/stale to close stale issues
|
||||||
|
pull-requests: write # for actions/stale to close stale PRs
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/stale@v6
|
- uses: actions/stale@v6
|
||||||
|
Loading…
Reference in New Issue
Block a user